I have recently been researching Active Directory Federated Services (ADFS), for my upcoming book on SharePoint 2013. Once of the requirements for ADFS is to communicate with relying parties, such as SharePoint, over SSL. Setting up SSL for a SharePoint web application is a trivial process, but nonetheless, one I thought I’d blog about.
Note: The following steps create a self-signed certificate for development purposes, never use these in production.
1. Open Internet Information Service Manager 7
2. Click on the server name in the left navigation tree, and then double-click the Server Certificates icon on the right, under IIS section.
3. Click the link to create a self-signed certificate
4. Give the certificate a friendly name, and then click the OK button
5. Double-click the self-signed certificate to see the details
6. Click the details tab and then click the button to copy the certificate to a file
7. Click the next button
8. Select the option to NOT export the private key, then click the next button
9. Choose the export format (I chose the default DER format) and then the next button
10. Give the certificate a filename and browse to a location on disk
11. Click the next button, then finish button to export the certificate to the file
You have now created a new self-signed certificate and exported the public key to a file on disk. The steps that follow demonstrate adding the public key to the trusted root authorities certificate store, so the certificate is trusted on the local machine – this avoids annoying messages in IE about untrusted certificates.
13. Add the Certificates snap-in for the computer account and local machine
15. Import the certificate into the SharePoint node
Now we have a trusted certificate, next we add the certificate to the trusted store in SharePoint, using the following PowerShell script:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\MYCert.cer ")
New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $cert
Note: you must provide the full path to the CER file in the above script.
Let’s go ahead and bind the certificate to an application (web site) in IIS:
16. Return to IIS Management
17. Click the SharePoint application in the left navigation, under sites
18. Click the Bindings link (on the far right)
19. Click the add button
20. Choose HTTPS, and select the certificate to use
Finally, we must let SharePoint know that we can receive requests on the SSL address, by creating an Alternate Access Mapping entry, as follows:
21. Open Central Administration
22. Click the Application Management heading
23. Click the link to configure alternate access mappings
24. Click the button to Edit Public URLs
25. Change the Alternate Access Mapping Collection for the correct web application
26. Choose an empty zone and add the HTTP URL (this should be the full domain name that is listed for the self-signed certificate in IIS)
That’s all there is to it.