Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SSL for SharePoint

Posted on 2014-03-13
9
351 Views
Last Modified: 2014-03-20
Any idea how to enable the current SharePoint 2010 with SSL ?

Currently, the Portal has supported several sites, some binded to different port while others create under /sites/xxx.

Do I need to change the web alternate path and change it from http to https ? Any steps or guideline is appreciate.


Tks
0
Comment
Question by:AXISHK
  • 5
  • 3
9 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39926678
Internally SSL is not used in majority of cases, however, SSL is used when connecting from the outside.  With one SSL certificate, you could host multiple SharePoint sites on the same server as long as your certificate is a wildcard type.  You will need to make changes in IIS as well as you will need alternate paths in SharePoint.

Refer to http://blogs.msdn.com/b/sharepoint_strategery/archive/2013/05/27/alternate-access-mappings-explained.aspx for more info.
0
 

Author Comment

by:AXISHK
ID: 39928580
Tks. How to create and load the SSL certificate on SharePoint ?
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 39934363
Are you wanting to force all traffic over SSL, or allow users to use both?  If the latter, just extend the web application (Central Admin - Manage Web Apps - Extend) to another zone and specify SSL.  You'll then need to install the Cert to the binding on the extended site in IIS (not the original site).

If you want to force SSL and need to change the Default Zone URL to https, that is another story.  Best practice is to remove SharePoint from the IIS site then re-extend.  

http://blogs.msdn.com/b/russmax/archive/2013/02/27/how-to-properly-change-the-host-header-url-of-a-web-application-in-sharepoint-2010.aspx
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:AXISHK
ID: 39934431
"just extend the web application (Central Admin - Manage Web Apps - Extend) to another zone and specify SSL.  You'll then need to install the Cert to the binding on the extended site in IIS (not the original site)."

Any more instruction (or guideline) on this ?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39934616
0
 

Author Comment

by:AXISHK
ID: 39935957
Internal URL                             zone                        Public URL for Zone
http://portal:8083                    Default                     http://portal:8083
http://portal                              Default                    http://portal
http://portal.abc.com              Extranet                  http://portal.abc.com
http://portal:8088                    Default                    http://portal:8081
http://ca01.abc.com:8081         Internet                   http://ca01.abc.com:8081

If I simply apply the ssl certificate under IIS mentioned below, does it equivalent to the your question "Are you wanting to force all traffic over SSL" ? Does it mean I can simplify request the SSL certificate under IIS and then modify the AAM ? Is that the setting that I need to go through (Configuration-3)

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR865

If I extend the web application, it will reuse same content even though I select "Use an existing IIS web site" and "Create a new IIS web site", correct ?

Should I put the entry as attached (Sharepoint1 & SharePoint2)
SharePoint1.png
SharePoint2.png
Configuration-3.png
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 39936683
You cannot simply do something in IIS, you must tell SharePoint about it.  Meaning you must extend the web app or add a new zone URL before doing anything in IIS.

By force I mean the site will only respond to https requests.  If you try http you'll get an error or be routed to https.  In order to do that you'll need to change your default zone URL.

If you extend, yes, the same content.
0
 

Author Comment

by:AXISHK
ID: 39936757
Giving the created url above :
http://portal:8083                    Default                    http://portal:8083
http://portal                             Default                    http://portal
http://portal.abc.com               Extranet                  http://portal.abc.com

And I want to support :  https://portal:8083, https://portal & https://portsal.abc.com, I need to extend these one by one ?

In addition, when extend the website, it asked for port, but in fact, I need to use the same port, but only access it through https, what should I need under the port, public url and zone ?

Or, can I simply "add a new zone URL" as you mentioned ? What zone should I add - Internet ?

Great Tks.
0
 

Author Closing Comment

by:AXISHK
ID: 39942407
Finally fix my problem, Tks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week I faced a strange issue recently, i have deployed SharePoint 2003 servers for one project and one of the requirements was to open SharePoint site from same server. when i was trying to open site from the same server i was getting authentic…
We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question