Fixing the SSL Troubles
After I completed the app configuration above in part 6, I opened my portal web site and saw an issue. The portal.contoso.com site was giving a certificate error.
I went to IIS and saw that the app certificate is assigned to my portal web application. This is normal IIS behavior: it sets the SSL certificate as the default for all web sites using port 443.
Please note that if you try to edit the binding without the additional IP address, you will see the below message and the certificate will be assigned to all SSL web apps.
Now there are two steps to fix it.
1. Add an * in the No Host Header bindings to specify wildcard (Server 2012/R2 or Later)
2. Add an additional IP Address on the WFE and change the No Host Header web application binding on that IP address and Apps SSL Certificate (2008 R2)
Note: Some people also use SNI but it is not clear if it is fully supported.
Let’s Fix it.
First I will open my network adapter configuration and add an additional IP address.
Open Network and Sharing Center – Change Adapter Settings – Right Click on your Adapter – Properties – Internet Protocol version 4 – Properties – Advanced – IP Settings – Add – Add the additional IP and Subnet mask
Before you click OK, open a command prompt and ping that IP address to confirm that it is not already in use.
Click Add once confirmed
Then OK – OK – Close
Ping the IP address again to confirm.
Right Click on No Host Header Web site from IIS console and choose Edit Bindings
Select the binding and click Edit – From IP Address drop down select the new IP Address – Make sure App Certificate is selected and click OK.
Next I will edit the bindings of the MySite and Portal web apps to use the original wildcard certificate.
The final step is to update the AAA Host Name entry for our Development VM to point to the new IP address.
Login to Domain Controller – DNS Manager – Forward Lookup Zone – Console.com
Double Click on your VM entry and change the IP Address
Click Apply, then OK.
Go back to SharePoint VM – Open command prompt and type ipconfig /flushdns
Now ping your VM name to confirm the new IP address.
Close all browsers and open a fresh one and browse the portal
Certificate error is now gone. Click on the SharePoint hosted app
On my VM I will be asked for authentication again. On a client computer it does a single sign-on.
Issue resolved.
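
To confirm the result from a script rather than a browser, the following added example (not part of the original post) connects to each IP address directly and reports which certificate IIS serves for a given host name. The IP addresses and the app host name are placeholders; only portal.contoso.com comes from the post.

```powershell
# Added verification example. Names and addresses are placeholders except
# portal.contoso.com, which is the portal host name used in the post.
$checks = @(
    @{ Name = 'portal.contoso.com'; Address = '192.0.2.10' }  # original IP (placeholder)
    @{ Name = 'app.apps.example';   Address = '192.0.2.11' }  # new IP and app host (placeholders)
)

function Get-ServedCertificate {
    param([string]$Name, [string]$Address, [int]$Port = 443)

    $script:policyErrors = $null
    # Accept every certificate so the handshake completes; the policy errors are
    # recorded and reported instead of being used to abort the connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect by IP so the result does not depend on DNS or a cached lookup.
        $client.Connect($Address, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            # $Name is the TLS target name the served certificate is checked against.
            $ssl.AuthenticateAsClient($Name)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Name         = $Name
                Address      = $Address
                Subject      = $cert.Subject
                Thumbprint   = $cert.Thumbprint
                NotAfter     = $cert.NotAfter
                PolicyErrors = $script:policyErrors
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

foreach ($c in $checks) {
    Get-ServedCertificate -Name $c.Name -Address $c.Address
}
```

A PolicyErrors value of None means the served certificate matches the host name and chains to a trusted root; RemoteCertificateNameMismatch is the condition the browser reported before the bindings were separated.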