Jerry Yasir

Installing SharePoint 2016 – Part 7

Fixing the SSL Troubles

After I completed the app configuration above in part 6, I opened my portal web site and saw an issue. The portal.contoso.com was giving a certificate error.

image

I went to IIS and saw that the app certificate is assigned to my portal web application. It is a normal configuration of IIS which set the SSL Certificate as default for all web site using portal 443.

image

Please note that if you try to edit the binding without the additional IP address you will see the below message and certificate will be assigned to all SSL web apps.

image

Now there are two steps to fix it.

1. Add an * in the No Host Header bindings to specify wildcard (Server 2012/R2 or Later)

2. Add an additional IP Address on the WFE and change the No Host Header web application binding on that IP address and Apps SSL Certificate (2008 R2)

Note: Some people also use SNI but it is not clear if it is fully supported.

Let’s Fix it.

First I will Open my Network Adapter configuration and add an additional IP Address.

Open Network and Sharing Center – Change Adapter Settings – Right Click on your Adapter – Properties – Internet Protocol version 4 – Properties –

image

Advanced – IP Settings – Add – Add the additional IP and Subnet mask

Before you click OK. Open command prompt and ping that IP Address to confirm that it is not used already.

image

Click Add once confirmed

image

Then OK – OK – Close

Ping the IP address again to confirm.

image

Right Click on No Host Header Web site from IIS console and choose Edit Bindings

image

Select the binding and click Edit – From IP Address drop down select the new IP Address – Make sure App Certificate is selected and click OK.

image

image

Next I will edit the bindings of MySite and Portal web apps to use original wildcard certificate.

image

image

Final step would be to update the AAA Host Name entry for our Development VM to point to new IP Address.

Login to Domain Controller – DNS Manager – Forward Lookup Zone – Console.com

image

Double Click on your VM entry and change the IP Address

image

Click Apply OK.

Go back to SharePoint VM – Open command prompt and type ipconfig /flushdns

image

Now ping your VM name to confirm the new IP address.

Close all browsers and open a fresh one and browse the portal

image

Certificate error is now gone. Click on the SharePoint hosted app

image

On my VM I will be asked for authentic ation again. On a client computer it does a single sign on.

image

image

Issue resolved.

Posted in SharePoint 2016Tagged Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s