
How to enable SSL on a SharePoint 2010 web application

My first task is to create a very basic team site with the URL www.sowmyan.com.


1.  First I am going to add a host entry in DNS on my domain controller, pointing to the IP address of my SharePoint server (you can do this even after creating the site). Here I am adding a new host entry named “www”, so the FQDN will be www.sowmyan.com.

2.   Now create a new web application in the SharePoint Central Administration site. While creating the web application, specify the port as 80 and the host header as www.sowmyan.com, so that the URL is clean and there is no need to specify a port number.


   3.       After creating the web application, create a new site collection at the root.

  4. Once the site is created, browse to it. If the loopback check is in effect we can’t log in to the site successfully: it may prompt for credentials 3 times and then show a blank page. To resolve this issue, follow the KB article below:


      
http://support.microsoft.com/kb/896861#letmefixit  


In my environment the issue was resolved by adding the DisableLoopBackCheck entry in the registry and rebooting, following the above-mentioned KB.



5.       Finally, here is our site.


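For the loopback check in step 4, the KB article linked there also describes a narrower fix than DisableLoopbackCheck: listing the site's host name in BackConnectionHostNames, which leaves the check in place for every other name. The following is an added example, not part of the original post; the helper Get-RegValue is hypothetical and the script assumes an elevated PowerShell session on the SharePoint server.

```powershell
# Added example, not from the original post. Run elevated on the SharePoint server.
$hostHeader = 'www.sowmyan.com'   # host header of the web application in this post
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv1_0 = Join-Path $lsa 'MSV1_0'

function Get-RegValue {   # hypothetical helper: returns $null when the value is absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# Setting used in the post: switches the loopback check off for every host name.
#   New-ItemProperty -Path $lsa -Name DisableLoopbackCheck -PropertyType DWord -Value 1

# Narrower setting from the same KB: exempt only the names listed here.
$names = @(Get-RegValue $msv1_0 'BackConnectionHostNames' | Where-Object { $_ })
if ($names -notcontains $hostHeader) {
    $names += $hostHeader
    New-ItemProperty -Path $msv1_0 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $names -Force | Out-Null
    # Restart as described in the KB for the change to take effect.
}

# Audit: report which of the two settings is in effect on this server.
$disabled = Get-RegValue $lsa 'DisableLoopbackCheck'
$exempt   = @(Get-RegValue $msv1_0 'BackConnectionHostNames')
if ($disabled -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: loopback check is off for all host names'
}
"Loopback exemptions: $($exempt -join ', ')"
```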


Now we will see how we can make our site SSL enabled.


We can configure the web application to use SSL either when we create a new web application or when we extend the web application. In my scenario, since I have already created a web application, I have to do the configuration manually.
For that I am going to do the following.


      1.       Go to Alternate Access Mappings: Central Administration → Application Management → Alternate Access Mapping.



      2.       Select the web application in the rightmost drop-down and click on “Add Internal URLs”.





      3.  Add a new URL with HTTPS (here I have added https://www.sowmyan.com) and select a zone (here I have
           selected the Intranet zone). The AAM collection will then show the list of URLs with zones.


      4.       If we now try to browse to the site using https it won’t load, because we still have to install the certificate and
            configure the website in IIS.


      5.       If you are not using a DNS host entry, you can create a self-signed certificate in IIS 7 or get a certificate from a third-party
            CA and bind it to your SharePoint website. You can refer to the following articles for more
            information about it.

       http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-70/


       http://blog.mikeobrien.net/PermaLink,guid,12d9628c-a350-4f7b-a573-9d05429b54e8.aspx



Follow the TechNet article below to learn more about “Configuring Server Certificates in IIS 7”.




But in my scenario I am using DNS, and I can’t use a self-signed certificate if the host entry is in DNS. If I use a self-signed certificate I will get a certificate error.


For that I first have to add the “Active Directory Certificate Services” role on my domain controller. Please follow my post to learn how to add that role in Windows 2008 R2.
Now we are ready to configure the IIS website for SSL.
1. Double-click “Server Certificates” to open the configuration window.
2. On the left side it will show the actions; select “Create Domain Certificate”.
3. It will open a window; provide the details, but make sure the certificate's "Common Name" (CN) matches the host header in the request, e.g. if the client is making a request to www.contoso.com, then the CN must also be www.contoso.com.
4. In the next screen you have to provide the Online Certification Authority details. You have to provide it in a specific format, like below (see the red box).
If you don’t know the certification authority’s name, open Server Manager on the DC machine; you can find it under “Active Directory Certificate Services”.
You may get an error if you didn’t specify the certificate authority name correctly or didn’t import it into the local machine’s trusted certificates folder (how it is done here – last portion).
5. Once it completes successfully you can see the certificate, and when you click on the newly created certificate you
    can see its details.
6. The next step is to create a new binding with HTTPS and use the certificate that we just created.
Create an SSL Binding
Select a site in the tree view and click Bindings... in the Actions pane.  This brings up the bindings editor that lets you create, edit, and delete bindings for your website.  Click the Add... button to add your new SSL binding to the site.
New bindings default to http on port 80.  Select https in the Type drop-down. Select the certificate that we created earlier from the SSL Certificate drop-down and click OK.
Now you have a new SSL binding on your site and all that remains is to verify that it works.
Verify the SSL Binding
Look in your site's Actions pane for a link that will browse your site over your new HTTPS binding. Click this link to test your new binding.
Once that is done, browse to your site with https. If everything is fine, you will see a small lock sign in the address bar; clicking on it shows the details of your certificate and says that the connection to the server is encrypted.
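The checks this post calls out (a CN that matches the host header, and a certificate the client trusts rather than a self-signed one) can also be run from PowerShell instead of reading the browser's lock icon. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the site is reachable on port 443 from the machine running it.

```powershell
# Added example, not from the original post.
# Assumption: run from a domain client that can reach the site on port 443.
function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented so that a bad certificate can still be
        # inspected; no request is sent over this connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }
}

function Test-SiteCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$HostName
    )
    $problems = @()

    # CN must match the host header; "*" in a wildcard CN covers one label only.
    # (Subject Alternative Name entries are not examined here.)
    $cn = $Certificate.GetNameInfo('SimpleName', $false)
    $pattern = '^' + [regex]::Escape($cn).Replace('\*', '[^.]+') + '$'
    if ($HostName -notmatch $pattern) {
        $problems += "Name mismatch: certificate CN is '$cn', site is '$HostName'"
    }

    # The chain must end in a root this machine trusts. A self-signed certificate,
    # or a domain CA whose root is not in the trusted store, fails with UntrustedRoot.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($Certificate)) {
        foreach ($status in $chain.ChainStatus) { $problems += "Chain: $($status.Status)" }
    }

    # Early warning before the certificate expires.
    $daysLeft = [int](($Certificate.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt 30) { $problems += "Expires in $daysLeft day(s)" }

    ,$problems
}

$siteName = 'www.sowmyan.com'   # host header used in this post
$found = Test-SiteCertificate -Certificate (Get-RemoteCertificate $siteName) -HostName $siteName
if ($found.Count -eq 0) { "OK: $siteName presents a trusted, matching certificate" }
else { $found | ForEach-Object { Write-Warning $_ } }
```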

After configuring the SSL or HTTPS protocol in SharePoint 2010, we must review…



This is a list of things that we must review and make sure we also update:
Area: Action
Alternate Access Mapping: Configure the new https protocol in an available zone of the Web Application
Search: Update the Content Source from http to https *
sps3:// to sps3s://
Excel Services: Update the Trust File Location from http to https *

* This is necessary especially when the use of http is blocked; otherwise it is not necessary. For Excel Services, if http is not blocked, instead of modifying the location it is necessary to add another trusted location.
Explanation of the protocols used by SharePoint, such as sps3.
 
