locked
SSL Enabling my site RRS feed

  • Question

  • I have a problem. I am mandated to have an SSL certificate on my site. My Default Web Application/site/zone is using Port 80 and a host header (www.mycompany.com). Everything I have read recommends extending the web application and set the security to use SSL (which I did). I created wwwsp1.mycompany.com and attached the SSL certificate for that host name. To prevent users from using port 80 I simply went HTTP Redirect on IIS7 server and pointed requests to the alternate URL. - Problem - In Central Administration so many areas are referencing the port 80 URL (Peferred Search Center, for instance) which is now inaccessible.

    I also have an SSL certificate for www.mycompany.com. What I need to know is how to attach it to the default web application. I have read I can simply *Remove SharePoint from IIS Web site* in Application Management under Central Administration and recreate it using SSL. This scares the heck out of me. It is the Default web application and name. I DO see a benefit by the elimination of the Alternate Site Access Mapping Site.

    Any recommendations or guidance would be greatly appreciated.

    Jon

    Thursday, October 28, 2010 2:32 PM

Answers

  • check this one, its worked. In our setup we having the same kind of setup.

    http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/8239670f-7f58-419e-94dd-bb8972216250

     

    hope this works

    thanks

    -ws


    SharePoint administrator, MCTS,MCITP
    Thursday, October 28, 2010 3:21 PM
  • Jon,

    It should not be a complex process, i have done this several time in past. It simple First attach the certificate in IIS Site which will enable port 443 for that site and then go into Central Admin and change the Aletrnate Access Mappping to use https:// instead of http://

    You dont need to Extend the site or nor do you need to delete the IIS site and recreate it. It should be all done using IIS and Alternate Access Mapping.

    Make sure that if you have multiple WFE's, then you need to do the create and attach the cetificate on server's IIS console.

     


    Sameer Dhoot
    My Blog : http://sharemypoint.in/

    Did I answer your question? If YES, Mark as Answer. If NO, reply with details to continue dialogue.

    Thursday, November 4, 2010 5:40 PM
  • Hi Jon,

    Extending the WebApplication is the best practice to support external users on SSL. Also, the goves you the default zone to use NTLKM authentication and this is very important Pre-SP2010. SharePoint Office Search needs SharePoint to be accessabloe via NTLM to crawl the site..

    Also, it would be better if you could add anotjher IP Address even if your only have one NIC as you could assign thyou could Extend the WebApp to 443 but you would be unable to browes the extended WebApp until you installed a cert...

    In summary dont recrewate the WebApp to use SSL, extend the existing WebApp to the extranet Zone and use SSL on this  WebSite...

     

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    Thursday, November 4, 2010 6:44 PM

All replies

  • check this one, its worked. In our setup we having the same kind of setup.

    http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/8239670f-7f58-419e-94dd-bb8972216250

     

    hope this works

    thanks

    -ws


    SharePoint administrator, MCTS,MCITP
    Thursday, October 28, 2010 3:21 PM
  • Hi, Jon

     

           Would you please let us know how is your problem going?

           Did ws’s suggestion helpful for you?

           If you need further assistance, please feel free to let us know.

           Have a nice day!

     

    Best Regards,

    Aaron

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

    Thursday, November 4, 2010 9:37 AM
  • Jon,

    It should not be a complex process, i have done this several time in past. It simple First attach the certificate in IIS Site which will enable port 443 for that site and then go into Central Admin and change the Aletrnate Access Mappping to use https:// instead of http://

    You dont need to Extend the site or nor do you need to delete the IIS site and recreate it. It should be all done using IIS and Alternate Access Mapping.

    Make sure that if you have multiple WFE's, then you need to do the create and attach the cetificate on server's IIS console.

     


    Sameer Dhoot
    My Blog : http://sharemypoint.in/

    Did I answer your question? If YES, Mark as Answer. If NO, reply with details to continue dialogue.

    Thursday, November 4, 2010 5:40 PM
  • Hi Jon,

    Extending the WebApplication is the best practice to support external users on SSL. Also, the goves you the default zone to use NTLKM authentication and this is very important Pre-SP2010. SharePoint Office Search needs SharePoint to be accessabloe via NTLM to crawl the site..

    Also, it would be better if you could add anotjher IP Address even if your only have one NIC as you could assign thyou could Extend the WebApp to 443 but you would be unable to browes the extended WebApp until you installed a cert...

    In summary dont recrewate the WebApp to use SSL, extend the existing WebApp to the extranet Zone and use SSL on this  WebSite...

     

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    Thursday, November 4, 2010 6:44 PM
  • Hi Jon,

    Extending the WebApplication is the best practice to support external users on SSL. Also, the goves you the default zone to use NTLKM authentication and this is very important Pre-SP2010. SharePoint Office Search needs SharePoint to be accessabloe via NTLM to crawl the site..

    Also, it would be better if you could add anotjher IP Address even if your only have one NIC as you could assign thyou could Extend the WebApp to 443 but you would be unable to browes the extended WebApp until you installed a cert...

    In summary dont recrewate the WebApp to use SSL, extend the existing WebApp to the extranet Zone and use SSL on this  WebSite...

     

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.


    Well I agree to Ivan if this is an external site and you need to have different authentication. But if the site is intranet and you just need to enable SSL and still want to use NTML then don't extend the web application. Extendng will create another site and would run under its own worker process so you will have two worker processes running consuming resoruces on your server.

     

    • Marked as answer by Aaron Han - MSFT Sunday, November 7, 2010 3:55 AM
    • Edited by Mike Walsh FIN Thursday, December 9, 2010 5:52 PM Sig removed. Do NOT ask people to mark your posts.
    • Unmarked as answer by Mike Walsh FIN Thursday, December 9, 2010 5:52 PM
    Thursday, November 4, 2010 6:59 PM