Friday, March 26, 2010

To bind SSL in a SharePoint environment that runs on Windows 2008 and IIS7 and uses Host Headers, you will need to do the following after applying the SSL Certificate.

Remove all HTTPS (443) bindings from the SharePoint Web Applications which will have the new SSL certificate
From each Web Front-End Server, do the following for ALL Web Applications which will bind to the new SSL Certificate, including the Default Web Application:
  1. Click Start->Control Panel
  2. Double click Administrative Tools
  3. Double click Internet Information Services (IIS) Manager. Make sure that you are not using IIS 6.0 Manager
  4. In the Connections pane, click ‘+’ to expand the web server, then click the ‘+’ next to Sites to expand sites.
  5. Click the web application to which you will be binding the SSL certificate and then in the Actions pane, select Bindings…
  6. Remove all https (443) bindings except for the root bindings you wish to keep. This will have the following configuration:
     Type: http
     Host Name: or
     Port: 80
     IP Address: *
     Binding Information:
  7. Click Close to apply


Bind the SSL certificate to the Default Web Site
From each Web Front-End Server, do the following for the Default Web Application:
Click Start->Control Panel
Double click Administrative Tools
Double click Internet Information Services (IIS) Manager. Make sure that you are not using IIS 6.0 Manager
In the Connections pane, click ‘+’ to expand the web server, then click the ‘+’ next to Sites to expand sites.
Click the Default Web Site and then in the Actions pane, select Bindings…
From the Site Bindings dialog box, Click Add…
Change Type to https and then select the SSL certificate
Click OK to apply and then Close
With the Default Web Site still selected, click Stop in the Actions pane.

Bind the SSL certificate bindings to the SharePoint Web Applications
From each Web Front-End Server, do the following for ALL Web Applications which will bind to the new SSL Certificate, DO NOT include the Default Web Application:
Click Start->All Programs->Accessories->Command Prompt
Type the following to navigate to the correct folder
C:
cd\
cd C:\Windows\System32\Inetsrv\
Before doing the following, make sure you have this information for every SharePoint Web Application that will bind the new SSL certificate:
Web Application Name: (ex. SharePoint - staff.usccb.org80)
Web Application Host Header: (ex. staff.usccb.org)
Type the following command (all one line) where is the Web Application Name for the SharePoint Web Application and is the Host Header Name for the SharePoint Web Application (this should match the AAM which you configured in Central Administration).
appcmd set site /site.name:"" /+bindings.[protocol='https',bindingInformation='*:443:'] appcmd set site

Example Syntax from the examples provided in step 3 above:
appcmd set site /site.name:"SharePoint - staff.usccb.org80" /+bindings.[protocol='https',bindingInformation='*:443:staff.usccb.org'] appcmd set site
Press the Enter key after each line and ensure that all commands are completed successfully
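
An added PowerShell example, not part of the original post, that runs the appcmd binding command above for each web application and then reads the bindings back to confirm the result. It assumes an elevated PowerShell 2.0 or later session on the web front-end; the site table is constructed from the post's example and the variable names are this example's own.

```powershell
# Added example: apply the host-header HTTPS binding with appcmd, then verify it.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'

# Web Application Name -> Host Header (constructed from the post's example;
# the host header should match the AAM configured in Central Administration).
$webApps = @{
    'SharePoint - staff.usccb.org80' = 'staff.usccb.org'
}

foreach ($name in $webApps.Keys) {
    $info   = '*:443:' + $webApps[$name]
    $wanted = "https/$info"

    # /text:bindings prints the site's bindings as one comma-separated line,
    # for example: http/*:80:staff.usccb.org
    $before = & $appcmd list site $name /text:bindings
    if ($LASTEXITCODE -ne 0 -or -not $before) {
        Write-Warning "Site '$name' not found on $env:COMPUTERNAME"
        continue
    }

    if (($before -split ',') -contains $wanted) {
        Write-Host "[ok]   $name already has $wanted"
    } else {
        & $appcmd set site "/site.name:$name" "/+bindings.[protocol='https',bindingInformation='$info']"
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "appcmd could not add $wanted to '$name'"
            continue
        }
    }

    # Read the bindings back instead of trusting the exit code alone.
    $after = (& $appcmd list site $name /text:bindings) -split ','
    if ($after -notcontains $wanted) {
        Write-Warning "'$name' is still missing $wanted"
    }
    # Plain-HTTP bindings that remain (the optional last section removes these).
    $after | Where-Object { $_ -like 'http/*' } |
        ForEach-Object { Write-Host "[http] $name still answers on $_" }
}

# The post stops the Default Web Site after binding the certificate to it.
$state = & $appcmd list site 'Default Web Site' /text:state
if ($state -ne 'Stopped') {
    Write-Warning "Default Web Site state is '$state', expected 'Stopped'"
}
```

Run it on each Web Front-End Server, since the bindings are stored per server.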


(OPTIONAL) Remove all non-SSL bindings from the SharePoint Web Applications
From each Web Front-End Server, do the following for ALL Web Applications which users should not be able to access via an unsecured port (i.e. 80), DO NOT include the Default Web Application:
Click Start->Control Panel
Double click Administrative Tools
Double click Internet Information Services (IIS) Manager. Make sure that you are not using IIS 6.0 Manager
In the Connections pane, click ‘+’ to expand the web server, then click the ‘+’ next to Sites to expand sites.
Click the web application to which you have applied the SSL certificate (except the Default Web Application) and then in the Actions pane, select Bindings…
 Remove all bindings except for the secured binding. This will have the following configuration:
Type: https
Host Name:
Port: 443
IP Address: *
Binding Information:
 Click Close to apply