Issues with SharePoint 2010 Central Administration running on SSL

I configured my farm with Central Administration running on SSL port 443. There are a couple of issues I have run into with this configuration that I want to share with the community. My SP build version is 14.0.4762.1000.

  1. Problem while running the User Profile Import Job - This was the first issue I ran into, and I had to go back and manually edit the URL connection for my Central Administration site. Todd Klindt has blogged about the problem and the solution at https://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=223. This solution works, but I'm not sure if it's the supported way to make things work. I haven't seen this listed as a bug in any KB. Since the User Profile SA is a fragile thing, I always feel nervous while making such changes :-). But it has been working fine for me till now. Check with Microsoft support and get it verified.

  2. Setting up Content Deployment Job Paths - This was a little tough to figure out. I was getting an error while setting up the job path using the target CA running on SSL. This was the configuration of my farm:

    • It's a single box SharePoint Server 2010 install
    • My Central Admin is running on SSL, port 443. I used IIS to generate a self-signed SSL certificate and used it for the CA. The CA opens fine with no certificate security error message
    • My authoring site is at https://author and prod site is https://prod

     When creating the Content Deployment path, after specifying the source CA URL and the credentials to connect, I get the following error message while testing the connection: "The remote Web service request failed with this message : 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'."

The error indicates that there is some problem with the cert. I checked that the issuer cert is there in the local trusted CA store. Since the CA is opening fine, it means the system is trusting the cert properly and there should not be an issue. When I added the issuer cert to the SharePoint trust relationship by using the Manage Trust option under Security in CA, everything started working fine and the connection to the CA was successfully set up. This was surprising, as I always thought the Manage Trust option was for setting up cross-farm trust, but in this case I had to do that even in a single-farm setup.

I searched on the web and found a KB which was similar to my problem and seems to be the culprit for this issue also: https://support.microsoft.com/kb/982982. I didn't try the first option in the KB, which I believe should also work.
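
The Manage Trust step described above can also be checked and applied from the SharePoint 2010 Management Shell. The script below is an added example, not part of the original post: it compares Windows trust with farm trust for the issuer of the Central Administration SSL certificate, and registers the issuer with the farm only if Windows already trusts it. The host name and trust name are placeholders, and it assumes the SSL certificate sits in the LocalMachine\My store of the server where the script runs.

```powershell
# Added example (not from the original post). Run from an elevated SharePoint 2010
# Management Shell on the farm server. Parameter defaults are placeholders.
param(
    [string]$SslHost   = "centraladmin.example.local",  # assumed CN of the CA SSL cert
    [string]$TrustName = "CentralAdmin-SSL-Issuer"      # hypothetical display name
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Locate the SSL certificate used by Central Administration in the machine store.
$sslCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$SslHost*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $sslCert) { throw "No certificate with CN=$SslHost in LocalMachine\My" }

# Build the chain and take the issuer (for a self-signed cert this is the cert itself).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
[void]$chain.Build($sslCert)
$idx    = [Math]::Min(1, $chain.ChainElements.Count - 1)
$issuer = $chain.ChainElements[$idx].Certificate

# Windows trust: is the issuer in the machine's root or intermediate CA stores?
$inWindows = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Thumbprint -eq $issuer.Thumbprint }).Count -gt 0

# Farm trust: is the issuer registered under Security > Manage Trust?
$inFarm = @(Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $issuer.Thumbprint }).Count -gt 0

"Issuer subject    : {0}" -f $issuer.Subject
"Issuer thumbprint : {0}" -f $issuer.Thumbprint
"Trusted by Windows: {0}" -f $inWindows
"Trusted by farm   : {0}" -f $inFarm

# Do not extend farm trust to a certificate that Windows itself does not trust.
if (-not $inWindows) {
    Write-Warning "Issuer is not in the Windows trust stores; not adding it to the farm."
    return
}

if (-not $inFarm) {
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $issuer | Out-Null
    "Added '$TrustName' to the farm's trusted root authorities."
} else {
    "Issuer is already trusted by the farm; nothing to do."
}
```

Compare the printed thumbprint with the certificate shown in IIS before accepting the change, since anything added here becomes a trust anchor for the farm.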