SharePoint 2013: Installing Your SSL Certificate

SharePoint 2013

Microsoft SharePoint 2013 does not include a GUI for installing the SSL Certificate. Because SharePoint 2013 is designed to run on Microsoft IIS 8, you can use IIS. If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Microsoft SharePoint 2013: SSL Certificate CSR Creation Instructions.

The SharePoint SSL Certificate installation process consists of three steps:

  1. Installing the SSL Certificate

  2. Assigning or binding the certificate to your SharePoint site

    See Using IIS 8 to Assign the Certificate to the SharePoint Website.

  3. Installing the root certificate

    See Using SharePoint 2013 to Install the Root Certificate.

SharePoint 2013: How To Install Your SSL Certificate

Using IIS 8 to Install the SSL Certificate

After ¶ºÒõ¹Ý validates and issues your SSL Certificate, you can use Microsoft IIS 8 to install your SSL Certificate to the server where you generated the CSR, and then, bind it the SharePoint site.

  1. Save the SSL Certificate file (your_domain_name.cer) to the server on which the CSR was generated.

  2. Open Internet Information Services (IIS) Manager.

    From the Start screen, type and click Internet Information Services (IIS) Manager.

  3. In Internet Information Services (IIS) Manager, under Connections, select your server¡¯s Hostname.

    IIS 8 Security Certificates

  4. In the center menu, in the IIS section, double-click the Server Certificates icon.

  5. In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate wizard.

    IIS 8 Complete Request Certificate

  6. On the Specify Certificate Authority Response page, under File name containing the certification authority¡¯s response, click ¡­ to browse to the .cer certificate file that ¶ºÒõ¹Ý sent you, select the file, and then, click Open.

    IIS 8 Specify Certificate Authority Response

  7. Next, in the Friendly name box, enter a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.

    We recommend that you add ¶ºÒõ¹Ý and the expiration date to the end of your friendly name, for example: yoursite-¶ºÒõ¹Ý-expirationDate. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.

  8. Next, in the Select a certificate store for the new certificate drop-down list, select Personal.

  9. To install the SSL Certificate to the server, click OK.

  10. Once you have successfully installed the SSL Certificate to the server, you still need use IIS to assign or bind that certificate to the SharePoint site.

Using IIS 8 to Assign the Certificate to the SharePoint Website

  1. In Internet Information Services (IIS) Manager, under Connections, expand your server¡¯s name, expand Sites, and then select the SharePoint site.

    iis 8 manager

  2. In the Actions menu, under Edit Site, click Bindings.

  3. In the Site Binding window, click Add.

    IIS 8 Site Bindings window

  4. In the Add Site Bindings window, enter the following information:

    Type: In the drop-down list, select https.
     
    IP address: In the drop-down list, select All unassigned.
    If your server has multiple IP addresses, select the one that applies.
     
    Port: Enter 443, unless you are using a non-standard port for SSL traffic.
     
    SSL certificate: In the drop-down list, select the friendly name of the certificate that you just installed.

    IIS 8 add site binding window

  5. When you are finished, click OK.

    IIS 8 site bindings window

  6. Now you need to install the root certificate on your SharePoint server.

Using SharePoint 2013 to Install the Root Certificate

  1. Log into the ¶ºÒõ¹Ý? Management Console (your account).

  2. In the ¶ºÒõ¹Ý® Management Console, under Order, click the order number for the SSL Certificate that you just installed.

  3. On the My Orders tab, click Download.

    digicert management console

  4. In the Download Certificate section, click the Download or Copy/Paste Individual Certificates link.

    digicert management console

  5. Next, click the ROOT CERTIFICATE icon.

    digicert management console

  6. In the Opening TrustedRoot.crt window, click Save File to save the file to your SharePoint server.

    Opening TrustedRoot.crt window

  7. Next, open SharePoint 2013 Central Administration.

    From the Start screen, type and click SharePoint 2013 Central Administration.

  8. In SharePoint 2013 Central Administration, in the menu on the left, click Security and then, under General Security, click Manage trust.

    sharepoint 2013 central administration

  9. On the Trust Relationships page, in the menu at the top of the page, click New.

  10. In the Establish Trust Relationship window, in the General Setting section, in the Name box, type the name that you want to give the SSL Certificate.

    sharepoint 2013 central administration

  11. In the Root Certificate for the trust relationship section, click Browse to browse for and select the root certificate (i.e. TrustedRoot.crt).

  12. In the Establish Trust Relationship window, click OK.

  13. If the certificate is installed successfully, it should be listed on the Trust Relationships page.

    sharepoint 2013 central administration

Test Your Installation

If your web site is publicly accessible, our ¶ºÒõ¹Ý® SSL Installation Diagnostics Tool can help you diagnose common problems.

Troubleshooting

If you run into certificate errors, try repairing your certificate trust errors using ¶ºÒõ¹Ý® Certificate Utility for Windows. If this does not fix the errors contact support.

Additional Information

IIS 8 and Windows Server 2012 have the Server Name Indication-SNI feature, which you can use to host multiple SSL sites and certificates on a Single IP Address based on Host Headers on your IIS 8 server.