SSL configuration for SharePoint 2013 farm

  • Question

  • Hi,

    I'm trying to configure SSL on an existing SharePoint farm and although it is partially working, the solution is incomplete. Rather than bore you with what isn't right, I'll share with you the makeup of my farm and what I'm trying to achieve, and hopefully, someone will point me in the right direction.

    Farm A - Staging platform using the machine name as part of the URL (no DNS)
    1 WFE: ServerA
    1 SQL: ServerB

    I have 4 web apps using separate ports: CA on 6666, CTH on 5555, STG on 9999 and UAT on port 80.

    I would like all of the above, including CentralAdmin to respond to SSL on port 443.

    I requested a certificate from our internal Certificate Authority as machinename.ou.domain.com and I received the CER certificate for such.

    - Should I request a wildcard certificate?

    - In this scenario, do I need to use separate host names and if so, must I have DNS created for such?

    EDITED

    I think I forgot to talk about my production farm so let me clarify. From what I'm reading, it's possible to do that using a single IP. Also, I want the URLs to be as follows:

    HTTPS://server1.ou.domain.com for the main web/default web app
    HTTPS://ca.server1.ou.domain.com for central administration
    HTTPS://dev.server1.ou.domain.com
    Etc.

    For my production server, I currently have a single DNS that points PORTAL.ou.domain.com to my production WFE (Server3) as well as a certificate for PORTAL.ou.domain.com.

    Similarly to the above, the URLs would be:

    HTTPS://portal.ou.domain.com for the main web/default web app
    HTTPS://ca.portal.ou.domain.com for central administration
    Etc.

    But to add to the mix, I have large site collections under the main web app where I would like to have specific URLs to:

    HTTPS://docs.portal.ou.domain.com
    HTTPS://HR.portal.ou.domain.com

    From what I'm reading I can do all this using a single IP (per server of course) and a single certificate. I'm just confused about how to achieve this.
    • Edited by JoSevigny Friday, November 6, 2015 12:34 PM
    Thursday, November 5, 2015 9:19 PM


  • You'll want to get 4 IP addresses assigned to the SharePoint WFE. One IP per IIS Site, and you can then use one SSL certificate per site for the specified hostname.

    You will not be able to use a public CA for SSL nor route traffic from the Internet, in this case.

    Trevor Seward


    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Nico Martens Friday, November 6, 2015 8:11 AM
    • Marked as answer by Sara Fan Thursday, November 12, 2015 9:40 AM
    Thursday, November 5, 2015 10:57 PM
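
An added example, not part of the original thread or any poster's code: a PowerShell check of which of the question's production host names a given set of certificate names would cover, applying the rule that a leading wildcard stands for exactly one DNS label. The function names and the candidate certificate name lists are hypothetical and constructed for illustration.

```powershell
# Added example: does a certificate name (exact or wildcard) cover a host name?
# Rule applied: a leading "*" stands for exactly one DNS label, so
# "*.ou.domain.com" covers "portal.ou.domain.com" but not "ca.portal.ou.domain.com".
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]$CertName,   # one subject/SAN DNS name
        [Parameter(Mandatory)][string]$HostName    # host name the client requests
    )
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    if (-not $c.StartsWith('*.')) { return $c -eq $h }

    $suffix = $c.Substring(1)                      # e.g. ".ou.domain.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $left = $h.Substring(0, $h.Length - $suffix.Length)
    # The wildcard must match one non-empty label with no further dots.
    return ($left.Length -gt 0) -and (-not $left.Contains('.'))
}

# Reports, per host name, whether any name on the certificate covers it.
function Get-CertCoverage {
    param([string[]]$CertNames, [string[]]$HostNames)
    foreach ($h in $HostNames) {
        $hit = $CertNames |
            Where-Object { Test-CertNameMatch -CertName $_ -HostName $h } |
            Select-Object -First 1
        [pscustomobject]@{ HostName = $h; Covered = [bool]$hit; MatchedBy = $hit }
    }
}

# Host names taken from the question (production farm).
$hosts = 'portal.ou.domain.com', 'ca.portal.ou.domain.com',
         'docs.portal.ou.domain.com', 'HR.portal.ou.domain.com'

# Candidate certificates; the name lists are constructed for illustration.
$candidates = [ordered]@{
    'Existing single-name cert' = @('portal.ou.domain.com')
    'Wildcard on ou.domain.com' = @('*.ou.domain.com')
    'Base name plus wildcard'   = @('portal.ou.domain.com', '*.portal.ou.domain.com')
}

foreach ($name in $candidates.Keys) {
    "== $name =="
    Get-CertCoverage -CertNames $candidates[$name] -HostNames $hosts |
        Format-Table -AutoSize | Out-String
}
```

Running it before submitting a request to the internal CA shows whether every planned URL is covered by the names being requested.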