SharePoint 2013: Installing Your SSL Certificate
Microsoft SharePoint 2013 does not include a GUI for installing the SSL Certificate. Because SharePoint 2013 is designed to run on Microsoft IIS 8, you can use IIS. If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Microsoft SharePoint 2013: SSL Certificate CSR Creation Instructions.
The SharePoint SSL Certificate installation process consists of three steps:
-
Installing the SSL Certificate
-
If you used IIS 8 to generate your CSR, you need to use IIS 8 to install the SSL Certificate,
-
If you used the DigiCert® Certificate Utility for Windows to generate your CSR, you need to use the DigiCert Certificate Utility to import/install your SSL Certificate.
See SSL Certificate Importing Instructions: DigiCert® Certificate Utility for Windows.
-
-
Assigning or binding the certificate to your SharePoint site
See Using IIS 8 to Assign the Certificate to the SharePoint Website.
-
Installing the root certificate
SharePoint 2013: How To Install Your SSL Certificate
Using IIS 8 to Install the SSL Certificate
After DigiCert validates and issues your SSL Certificate, you can use Microsoft IIS 8 to install your SSL Certificate to the server where you generated the CSR, and then, bind it the SharePoint site.
-
Save the SSL Certificate file (your_domain_name.cer) to the server on which the CSR was generated.
-
Open Internet Information Services (IIS) Manager.
From the Start screen, type and click Internet Information Services (IIS) Manager.
-
In Internet Information Services (IIS) Manager, under Connections, select your server’s Hostname.
-
In the center menu, in the IIS section, double-click the Server Certificates icon.
-
In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate wizard.
-
On the Specify Certificate Authority Response page, under File name containing the certification authority’s response, click … to browse to the .cer certificate file that DigiCert sent you, select the file, and then, click Open.
-
Next, in the Friendly name box, enter a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add DigiCert and the expiration date to the end of your friendly name, for example: yoursite-DigiCert-expirationDate. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
-
Next, in the Select a certificate store for the new certificate drop-down list, select Personal.
-
To install the SSL Certificate to the server, click OK.
-
Once you have successfully installed the SSL Certificate to the server, you still need use IIS to assign or bind that certificate to the SharePoint site.
Using IIS 8 to Assign the Certificate to the SharePoint Website
-
In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then select the SharePoint site.
-
In the Actions menu, under Edit Site, click Bindings.
-
In the Site Binding window, click Add.
-
In the Add Site Bindings window, enter the following information:
Type: In the drop-down list, select https. IP address: In the drop-down list, select All unassigned. If your server has multiple IP addresses, select the one that applies. Port: Enter 443, unless you are using a non-standard port for SSL traffic. SSL certificate: In the drop-down list, select the friendly name of the certificate that you just installed. -
When you are finished, click OK.
-
Now you need to install the root certificate on your SharePoint server.
Using SharePoint 2013 to Install the Root Certificate
-
Log into the DigiCert® Management Console (your account).
-
In the DigiCert® Management Console, under Order, click the order number for the SSL Certificate that you just installed.
-
On the My Orders tab, click Download.
-
In the Download Certificate section, click the Download or Copy/Paste Individual Certificates link.
-
Next, click the ROOT CERTIFICATE icon.
-
In the Opening TrustedRoot.crt window, click Save File to save the file to your SharePoint server.
-
Next, open SharePoint 2013 Central Administration.
From the Start screen, type and click SharePoint 2013 Central Administration.
-
In SharePoint 2013 Central Administration, in the menu on the left, click Security and then, under General Security, click Manage trust.
-
On the Trust Relationships page, in the menu at the top of the page, click New.
-
In the Establish Trust Relationship window, in the General Setting section, in the Name box, type the name that you want to give the SSL Certificate.
-
In the Root Certificate for the trust relationship section, click Browse to browse for and select the root certificate (i.e. TrustedRoot.crt).
-
In the Establish Trust Relationship window, click OK.
-
If the certificate is installed successfully, it should be listed on the Trust Relationships page.
Test Your Installation
If your web site is publicly accessible, our DigiCert® SSL Installation Diagnostics Tool can help you diagnose common problems.
Troubleshooting
If you run into certificate errors, try repairing your certificate trust errors using DigiCert® Certificate Utility for Windows. If this does not fix the errors contact support.
Additional Information
IIS 8 and Windows Server 2012 have the Server Name Indication-SNI feature, which you can use to host multiple SSL sites and certificates on a Single IP Address based on Host Headers on your IIS 8 server.