New episode!

Latest Episode: 5 GPO MDM Mistakes

In this week’s episode, Stephen talks to Jeremy Moskowitz about the top 5 mistakes IT Pros make when transferring Group Policy to MDM.
Happening now!

Unlock Secure Remote Working!

Dive into the latest Microsoft management technologies at our free 1-day GET-IT virtual conference. Sign up now!
On-demand!

Inside Access: Why Privileged Accounts Could Be Your Biggest Security Gap

What if your biggest vulnerability wasn't a misconfigured firewall? Don't miss our webinar on the hidden risks of standing privileges.

Configuring SSL on SharePoint Sites

With the advent of SharePoint 2013 some new best practices on how to deploy SharePoint sites are being released. The new best practice is to deploy web applications with secure sockets layer (SSL). More importantly, if you plan on using SharePoint apps or any Exchange site mailbox features, you must have SSL enabled on all your sites. In this article I’ll show you how to configure SSL on your SharePoint sites.

Obtain a Certificate

Before you begin configuring IIS and SharePoint, you’ll first need to obtain a certificate (if you already don’t have one). To obtain a certificate you will need to generate a certificate-signing request (CSR) from the webserver, which you then supply to your SSL vendor of choice. Alternately, you can create a self-generated certificate. If your server is going to be public facing, I would recommend obtaining a commercial certificate that is widely trusted rather than a domain-issued certificate. Once a certificate is obtained, it will need to be imported into the webserver for use by the SharePoint sites.

If you have an existing certificate that is used for other servers, such as a wildcard certificate, that certificate can be exported into a .pfx file and imported to the SharePoint webserver. I prefer to use wildcard certificates mainly because it’s one certificate that I need to manage and renew rather than having several specific SSL certificate files. For this article I am using an existing wildcard certificate that was exported from IIS on a different webserver.

Import Certificate Into SharePoint Webserver

Copy your .pfx file to a location on the SharePoint Webserver.
Open IIS manager and go to Server certificates.
Select Import on the actions pane.
Locate the .pfx you just copied to the server, supply the password, and check the box to allow the certificate to be exported.
Click OK.

Configure IIS Bindings

After you have imported the certificate you will need to bind your site to use https. To configure the IIS bindings complete the following steps:

Open IIS manager and go to your SharePoint site
Right-click on the site and select Edit Bindings
Select Add binding.
From the drop-down choose HTTPS and select the certificate that you just added to the server.
Fill in the Host header information and click OK.

Configure SharePoint for SSL

Now that you have added your certificate to IIS and bound it to the site, you’ll need to configure SharePoint to use SSL using Alternate Access Mappings. Alternate Access Mappings is how SharePoint determines how to handle the incoming URL requests and redirects to them the appropriate URL, in this case we are using HTTPS.

Open Central Admin on SharePoint Server. Go to Application Management, then select Alternate Access Mappings.
Select the web app that you want to change to SSL by selecting it from the top right drop-down menu.
Edit the default public URL and change HTTP to HTTPS to redirect the site to use SSL.

To redirect HTTP requests to be automatically redirected to HTTPS, click on Add an Internal URL.
Add the non-HTTP URL and make sure the zone is set to default.