Configure SSL for SharePoint 2013

In this tutorial I will show you how to configure SSL for SharePoint 2013.

Prerequisites:

  1. IIS 8
  2. SharePoint 2013
  3. Windows Server 2012
  4. HTTP Web Application on Port 80

Steps:

  1. Create Self Signed Certificate on IIS 8
  2. Import Self Signed Certificate to SharePoint Certificate store
  3. Add Self Signed Certificate to trust management in Central Administration
  4. Configure IIS Binding
  5. Configure AAM
  6. Notes
  7. Issues

Note: Make sure to perform these steps with admin privileges.

Step 1: Create Self Signed Certificate on IIS 8

Open IIS Manager and then go to Server name and choose IIS Section “Server Certificates

Click on Create Self-Signed Certificate... on Actions pane

Specify a name like “SharePointSelfSignedCert” and click Ok

Double click on this created Certificate and go to details Tab and click copy to File...

Click Next (Welcome…),

Select No, do not export the private key and click Next ,

Select DER encoded binary and click Next,

Specify the location for the certificate and Click Next and then finish (Imported).

Step 2: Import Self Signed Certificate to SharePoint Certificate store

Open Manage Compute Certificate on Windows Server 2012 and go to SharePoint node and then right click All tasks >> import

Click Next and then specify the location of exported certificate in previous step and then Click Next,

Make sure Certificate store is SharePoint and Click Next and then finish (Exported)

Step 3: Add Self Signed Certificate to trust management in Central Administration

Go to Central Administration >> Security >> Manage Trust (to inform SharePoint to trust this certificate also).

And Click New

And a name and specify the location for the certificate and Click Ok.

Step 4: Configure IIS Binding

Go to IIS Manager and choose your web application and then click on Binding in Actions pane

Click Add..

Type: Https

SSL Certificate: SharePointSlefSignedCert (which created previously).

Click Ok.

Step 5: Configure AAM

Go Central Administration >> Alternate Access Mapping and Choose your web application

And click on Edit Public URLs and then add HTTPS URL

And Click Save.

Now try to brows your site with HTTPS URL

 

 

 

 

Notes:

  1. Don’t use Self-Signed Certification in production sites (you need to use commercial Certificates).
    https://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
  2. If you add the Self-Signed Certificate to Trusted Root Certification Authorities then Certification error will disappear .
  3. IIS 8 and windows server 2012 introduce New Feature Called “Server Name Indication-SNI” which allows an IIS 8 to host multiple SSL sites and certificates on a single IP Address based on Host Headers.
    https://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
  4. You can use URL Rewirte module in IIS 8 to redirect from HTTP to HTTPS or vice versa.
    https://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
    https://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/ 
  5. SSL Certificates required for Federation Services.
  6. Test the SSL implementation using https://www.ssllabs.com/ssltest/ and make changes as in this article https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12

Issues:

 

Issue #1: Mixed HTTP and HTTPS Content

If you login with HTTPS URL and then redirect the user to HTTP , the browser will ask the user again to login with HTTP URL.

Fix:

Go To Central Administration

Open Alternate Access Mapping (AAM)

Select your will application from the dropdown menu on top right

Click on Edit Public URLs and remove HTTPS URL

Click on Add Internal URLs and add HTTPS URL and select the same zone as HTTP URL