Changing the Port Number and Enabling SSL for SharePoint Central Administration Site

One of the common questions I get on the field is how to change the port number on Central Administation site.

Common mistake that admins do is just replacing the port number in Internet Information Server and fixing record in Alternative Access Mappings (AAM). But in this case settings are not stored in the Sharepoint database and the next time SharePoint Configuration is run, the settings will no longer be valid. Why? Because older settings were stored in a database.

You can imagine that most of the calls I got were when customers deployed SP1 on their farm, and just of a sudden Central administration stopped working...

There are two known procedures (maybe even more...).

Option A: Unprovisioning and provisioning of new CA site

The idea is to unprovision the old CA site and provision the new one. Complete procedure is explained on a Brett's Blog Adding Kerberos & SSL to Central Administration.

This procedure has some drawbacks and have to be careful if you made some customizations to the CA site or you made modifications to the CA's web.config file.

Option B:  STSADM command (getadminport, setadminport)

I think this approach is much better one. STSADM has a a switch you can use to read and set the port number or enable/disable SSL for Central Administration site.

To read settings:

If you are not sure what settings are stored in database, you can check with the command:

stsadm.exe -o getadminport

To change the settings:

stsadm.exe -o setadminport

Command has a few switches:

To change the port number:

stsadm.exe -o setadminport -port <port>

 

To enable SSL:

stsadm.exe -o setadminport -port <port> -SSL

For SSL to work you also need to import the certificate in the IIS console (Same as for any ordinary web site).

Technorati Tags: SharePoint, MOSS, stsadm, SSL, port

2009/08/25 Updated for typos. (Thanks to erosen03)