Enable SSL on SharePoint 2013 HNCs

Topics: General Questions, Support
Dec 17, 2014 at 4:12 PM
Edited Dec 18, 2014 at 10:10 AM

For the purposes of expediency, I am currently provisioning a number of HNSCs on my Server farm using standard HTTP urls with AutoSpInstaller. I should be getting my wildcard cert in a couple of weeks. Do I take it the config script just needs to be changed with HTTPS URLS, then re-run: to enable SSL in my various HNSCs: essentially verify the cert and setting up the AAMs etc. Alternatively, should I manually configure SSL for a more user defined setup, say extending any web apps or whatever.

Will be interested to hear your thoughts.

Dec 18, 2014 at 11:16 AM
No, it's actually pretty simple - you should set everything up with HTTPS/SSL from the get-go. AutoSPInstaller will provision and install a temporary self-signed wildcard certificate, which you can replace with your real cert once you get it. That way all the URLs/ports/zones will be set up correctly from the start and all you'll need to do is swap out the certificate.

Dec 18, 2014 at 11:49 AM
Edited Dec 18, 2014 at 11:49 AM

Thanks very much. Funnily enough, I thought this morning my plan B would be to use a self-cert if this was an issue. Your advice makes sense as there is less chance of reconfigure changes later on. One thing I noticed is the config file (3.66) schema hasn't needed to changed to accommodate the latest cert provisioning which is also neat.

Dec 21, 2014 at 6:28 PM
Edited Dec 21, 2014 at 8:22 PM

Just to let you know this is one of the smoothest installs I have now have SSL access on all my site collections. Copying host files to my testers until the DNS entries are implemented. One thing of interest is that I did get a error when I didn't specify the Myhost URL and path . Even though I __did __provision a dedicated web app for it; without a HNSC. Hence, I entered the URL etc and re-run and tested mysites. all good
" MySiteHostLocation and MySiteManagedPath are for when you are NOT provisioning a dedicated MySite host web application and would instead like to specify a MySite host site collection and the managed path at which personal sites will be created. Again, this is ONLY required if you did not specify a dedicated MySite host web application earlier in the XML."
Jan 5, 2015 at 9:30 AM
Happy New Year to your all....

One thing to note. When you get AutoSPInstaller to auto create a SSL certificate. You need to ensure that certificate is exported to the all the other servers such as your office web apps server. We found we had certificates with the same domain scattered around our farm caused some cert related errors. For example when I attempt create a new word document in a lib hosted in one of my HNSCs I get:

Content was blocked because it was not signed by a valid security certificate.

For more information, see “About Certificate Errors” in Internet Explorer Help.__

Our live cert arrived so we're in the process of exporting this to the various servers but we could do the same with the temp self-cert.

Mar 3, 2015 at 9:52 PM
Edited Mar 3, 2015 at 9:53 PM
We had major issues with autospinstaller creating its own self signed wildcard certificate. The content HNSC works fine, but the MySite HNSC and the root of the containing web application all come back with 404 errors. Weirdly most of the root of the site can be accessed (eg document library and settings pages) apart from the home page. Has anyone seen this before?

Mar 4, 2015 at 8:29 AM

That is quite strange.

I have done a number of such implementations using SharePoint 2013 SP1 / April CU on top of Windows 2012 R2 now and AutoSPinstaller happily creates the auto cert
*.yourdomain.com as required for all HNSCS. certs for the main IIS sites. Windows 2008R2 is a gateway to a world of misery (IMHO) no matter how many elastoplast patches are applied to it!
We did have issues with a proxy and ensuring this worked with the new HNCS urls.
You could also check the that Trusted Cert Authority ( via RUN -> MMc Smappin -> Certificates) to check your cert is installed tho I suspect it it is ..
Check different browsers too.