Creating an SSL Certificate for SharePoint (Development)

I have recently been researching Active Directory Federated Services (ADFS) for my upcoming book on SharePoint 2013. One of the requirements for ADFS is to communicate with relying parties, such as SharePoint, over SSL. Setting up SSL for a SharePoint web application is a trivial process, but nonetheless one I thought I’d blog about.

Note: The following steps create a self-signed certificate for development purposes only; never use such a certificate in production.

1. Open Internet Information Services Manager 7

2. Click on the server name in the left navigation tree, and then double-click the Server Certificates icon on the right, under the IIS section.

3. Click the link to create a self-signed certificate

4. Give the certificate a friendly name, and then click the OK button

5. Double-click the self-signed certificate to see the details

6. Click the details tab and then click the button to copy the certificate to a file

7. Click the next button

8. Select the option to NOT export the private key, then click the next button

9. Choose the export format (I chose the default DER format) and then click the next button

10. Give the certificate a filename and browse to a location on disk

11. Click the next button, then the finish button to export the certificate to the file

You have now created a new self-signed certificate and exported the public key to a file on disk. The steps that follow demonstrate adding the public key to the trusted root authorities certificate store, so the certificate is trusted on the local machine – this avoids annoying messages in IE about untrusted certificates.

12. Open the Microsoft Management Console (MMC.exe)

13. Add the Certificates snap-in for the computer account and local machine

14. Import the certificate into the Trusted Root Certification Authorities node

15. Import the certificate into the SharePoint node

Now that we have a trusted certificate, we add it to the trusted store in SharePoint using the following PowerShell script:

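# Run in the SharePoint 2013 Management Shell (or after Add-PSSnapin Microsoft.SharePoint.PowerShell)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\MYCert.cer")
New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $cert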

Note: you must provide the full path to the CER file in the above script.
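The script above trusts whatever file it is pointed at. The following is an added example, not part of the original post, that checks the exported file before registering it: it confirms the file holds no private key (step 8), that it is self-signed and within its validity period, that the import in steps 12-14 took effect, and that SharePoint does not already trust the same thumbprint. It assumes an elevated SharePoint 2013 Management Shell and reuses the path and name from the script above.

```powershell
# Added example, not the author's script. Path and -Name are the page's values.
# Assumes the SharePoint 2013 Management Shell, run elevated.
$cerPath = "c:\MYCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)

# Step 8 exported the public key only; a file carrying a private key is the wrong file.
if ($cert.HasPrivateKey) { throw "$cerPath contains a private key; export again without it." }

# A self-signed certificate has identical subject and issuer.
if ($cert.Subject -ne $cert.Issuer) { Write-Warning "Not self-signed: issued by $($cert.Issuer)" }

# Refuse expired or not-yet-valid certificates.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Record what is being trusted so it can be found and removed later.
"{0}  {1}  expires {2:yyyy-MM-dd}" -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter

# Steps 12-14: confirm the import into the machine's trusted root store took effect.
if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) {
    Write-Warning "Certificate is not in LocalMachine\Root; browsers on this machine will not trust it."
}

# Register with SharePoint only if this thumbprint is not already trusted.
$existing = Get-SPTrustedRootAuthority | Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if ($existing) {
    "Already registered in SharePoint as '$($existing.Name)'"
} else {
    New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $cert
}
```

Keep the printed thumbprint: when the development environment is retired, it identifies the entry to delete from the Trusted Root store, and Remove-SPTrustedRootAuthority removes the SharePoint registration.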

Let’s go ahead and bind the certificate to an application (web site) in IIS:

16. Return to IIS Management

17. Click the SharePoint application in the left navigation, under sites

18. Click the Bindings link (on the far right)

19. Click the add button

20. Choose HTTPS, and select the certificate to use

Finally, we must let SharePoint know that we can receive requests on the SSL address, by creating an Alternate Access Mapping entry, as follows:

21. Open Central Administration

22. Click the Application Management heading

23. Click the link to configure alternate access mappings

24. Click the button to Edit Public URLs

25. Change the Alternate Access Mapping Collection for the correct web application

26. Choose an empty zone and add the HTTP URL (this should be the full domain name that is listed for the self-signed certificate in IIS)

That’s all there is to it.

3 thoughts on “Creating an SSL Certificate for SharePoint (Development)”

  1. Jacob

    Very Helpful, got me through the basics.

    Regarding step 15, could you tell me why you do that step and if I should be doing this for each web application I create that uses an SSL cert?

