Applying SSL to a SharePoint Central Admin site

By default, SharePoint will install the Central Administration web application to run over ordinary unsecured HTTP but on a random IP port. It is generally a Good Idea ™ to run using SSL/HTTPS instead. To do so, there are two things you need to do: install an SSL certificate in IIS, and change the IP port used by SharePoint for the Central Administration site.

Open IIS Manager and get properties on the site labeled SharePoint Central Administration v3. Open the Directory Security tab and click on Server Certificate. What happens next depends on whether you need to create a new certificate or already have one you can use. There is plenty of information you can google for the process of obtaining or installing existing certificates if you don’t know already know how. Complete the wizard as appropriate to your situation, specifiying port 443 if prompted.

With the certificate installed, IIS is able to use HTTPS via port 443, but SharePoint knows nothing about the changes you made in IIS and is still only expecting to communicate over whatever random port was in place. There is a quick stsadm command to fix that:

stsadm -o setadminport -ssl -port 443

Don’t be alarmed if it appears to take a moment. When finished, it should tell you Operation completed successfully. After that, I have found it pays to wait a couple more minutes for SharePoint to finish the changes internally. Then try opening Central Administration, e.g. https://host.example.com/. Your Central Administration page should appear momentarily. Once you have successfully opened Central Administration, return to the site properties, and on the Directory Security tab click Edit… just a little below the Server Certificate button you clicked earlier. Then check Rquire secure channel (SSL), and I recommend you also check Require 128-bit encryption. Click OK, then OK again to close the site properties. You will now only be able to open the Central Administration over SSL.

Advertisements
This entry was posted in SharePoint. Bookmark the permalink.

2 Responses to Applying SSL to a SharePoint Central Admin site

  1. Pingback: Sharpoint 2007 - securing the Central Administration site with SSL

  2. Pingback: Installing a Standalone Sharepoint Foundation 2010 Server (beta post) « windowsmasher

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s