Implementing SSL with PowerShell for existing SharePoint 2013 farm – Part 1

You have an existing SharePoint 2013 multi-server farm running smoothly. Then, one day, you are asked to implement SSL. Everything needs to run over HTTPS, and when users use HTTP, the request needs to be redirected to HTTPS. Easy-peasy, right? In this series of posts I want to share the steps I took and my experiences.

This Part 1 describes the environment I am dealing with. If you wonder why SSL wasn’t implemented right away: simply put, there was no need back then. Over time, business needs change. So what changed? For one, Microsoft Dynamics CRM came into play, and we found out that it did implement SSL. Integration with SharePoint 2013 then fails: the ListComponent fails, IFRAMEs spill out errors, etc. Both environments need to be equal regarding HTTP/HTTPS. Another requirement that came into play was that collaboration intensified and external users needed access to the collaboration sites.

Current Environment

My farm has the following configuration (all servers are running Windows Server 2012 R2):

  • 6 SharePoint 2013 Servers; 2 WFEs, 2 APPs (services) and 2 dedicated for BI services (Excel, Reporting and PowerPivot Services)
  • 2 SQL Server 2012 with Always On Availability Groups
  • 2 IIS Web Servers for running Provider-Hosted SharePoint apps …eh.. add-ins.

Both SharePoint and IIS Web servers are load balanced by an F5 BIG-IP.

In SharePoint I have 2 web applications, one for the MySites and one for hosting the host named site collections and path based site collections.

| Name | URL | Port |
|------|-----|------|
| MySites | http://mysites.company.com | 80 |
| Hosting Web App | http://hostingwebapp.company.com | 80 |

Examples of host named site collections are:

Examples of path based site collections are:

Examples of the IIS site for the Add-Ins:

The domain for the Apps is set to spapps.company.com and the AppCatalog is set to http://appcatalog.company.com in the web application Hosting Web App.

The F5 Load Balancer has a virtual IP configured using both SharePoint web servers listening for requests on port 80. All DNS entries are pointing to this VIP.
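
Before changing anything, it helps to have a list of every URL in the farm that is still plain HTTP. The script below is an added example, not code from this series: a read-only inventory of the web applications' alternate access mappings, the host named site collections and the app domain. It assumes it is run in the SharePoint 2013 Management Shell on a farm server by a farm administrator; the report layout (Kind, Owner, Url, Zone) is my own choice.

```powershell
# Added example: read-only inventory of HTTP endpoints in the farm.
# It changes nothing; it only lists what will need attention.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Start-SPAssignment -Global   # lets SharePoint dispose SPSite objects for us
$report = @()

# Web applications and their alternate access mappings (one URL per zone)
foreach ($wa in Get-SPWebApplication) {
    foreach ($aam in Get-SPAlternateURL -WebApplication $wa) {
        $report += [pscustomobject]@{
            Kind  = 'AlternateURL'
            Owner = $wa.DisplayName
            Url   = $aam.IncomingUrl
            Zone  = $aam.Zone
        }
    }
}

# Host named site collections carry their own URL, independent of the
# web application URL, so they have to be listed separately.
foreach ($site in Get-SPSite -Limit All) {
    if ($site.HostHeaderIsSiteName) {
        $report += [pscustomobject]@{
            Kind  = 'HostNamedSite'
            Owner = $site.WebApplication.DisplayName
            Url   = $site.Url
            Zone  = ''
        }
    }
}
Stop-SPAssignment -Global

# Everything that is still served over plain HTTP
$report | Where-Object { $_.Url -like 'http://*' } |
    Sort-Object Kind, Url | Format-Table -AutoSize

# The app domain has no scheme of its own, but it decides which
# host names the SSL certificate has to cover.
"App domain: $(Get-SPAppDomain)"
```

Running it again after the migration gives a quick check that no HTTP URLs were left behind.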

Steps to be taken

  • Get the SSL certificates and install them on the required servers (Part 2)
  • Change the SharePoint Web Applications to use SSL and HTTPS (Part 3)
  • Set the IIS Bindings for the SharePoint IIS sites to use the SSL Certificate (Part 4)
  • Set the IIS Bindings for the Add-In IIS sites to use the SSL Certificate (Part 4)
  • Change the Host Named Site Collections to use HTTPS (Part 5)
  • Configure the SharePoint Services to use the new HTTPS locations (Part 6)
  • Change the manifest file for the installed Add-Ins (Part 7)
  • Configure the Load Balancer to use HTTPS and redirect

These steps will be described in more detail in the next posts.