MICROSOFT SHAREPOINT 2013 – CSR CREATION AND SSL CERTIFICATE INSTALLATION GUIDE
Microsoft SharePoint 2013 does not include a GUI for installing the SSL Certificate. Because SharePoint 2013 is designed to run on Microsoft IIS 8, you can use IIS. If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Microsoft SharePoint 2013: SSL Certificate CSR Creation Instructions
The SharePoint SSL Certificate installation process consists of three steps:
1. Installing the SSL Certificate
- If you used IIS 8 to generate your CSR, you need to use IIS 8 to install the SSL Certificate, See Using IIS 8 to install the SSL certificate
2. Assigning or binding the certificate to your SharePoint site
3. Installing the root certificate
SHAREPOINT 2010 – USING MICROSOFT IIS 7 FOR CSR CREATION
Microsoft SharePoint 2010 does not include a GUI for creating a CSR. Because SharePoint 2010 is designed to run on Microsoft IIS 7, you can use IIS 7 to create your CSR.
Note: If you have any questions or would like expert help with your installation feel free to chat with an SSL expert – they are ready to help regardless of where you purchased your SSL certificate.
SHAREPOINT 2010 – HOW TO CREATE A CSR USING MICROSOFT IIS 7
1. Open Internet Information Services (IIS) Manager. On the Windows Start menu, in the sidebar on the right, click Administrative Tools > Internet Information Services (IIS) Manager.
2. In Internet Information Services (IIS) Manager, under Connections, click your server’s Hostname.
3. In the center menu, in the IIS section, double-click the Server Certificates icon.
4. In the Actions menu, click Create Certificate Request to open the Request Certificate wizard.
5. On the Distinguished Name Properties page, enter the following information:
- Common name: Enter the name that you want to use to access the certificate. This name is usually the fully-qualified domain name. For example, www.domain.com or mail.domain.com.
- Organization: Enter the legally registered name of your organization/company.
- Organizational Unit: Enter the name of your department within the organization. For example, you can enter IT or Web Security. You can also leave it blank.
- City/locality: Enter the city in which your organization/company is located.
- State/province: Enter the state/province in which your organization/company is located.
- Country/region: Type or select your two-digit country code from the drop-down list. If necessary, you can find your two-digit country code in our SSL certificate Country Codes list.
6. When you are finished, click Next.
7. On the Cryptographic Service Provider Properties page, enter the following information:
Cryptographic service provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider, unless you have a specific cryptographic provider.
Bit length: In the drop-down list, select 2048.
8. When you are finished, click Next.
9. On the File Name page, click the … box to browse to a location where you want to save the CSR file, enter the filename, and then click Open.
Note: If you only enter the filename without selecting a location, your CSR file is saved to the following location: C:\Windows\System32.
10. Make sure to note the filename and the location where you saved your CSR file. You need to open this file as a text file, copy the entire body of the text file (including the Begin New Certificate Request and End New Certificate Request tags), and paste it into the online order process when you are prompted.
11. Click Finish.
12. After you receive your SSL Certificate from TRUSTZONE, you can install it.
SHAREPOINT 2013 – HOW TO INSTALL YOUR SSL CERTIFICATE
After TRUSTZONE validates and issues your SSL certificate, you can use Microsoft IIS 8 to install your SSL Certificate to the server where you generated the CSR, and then, bind it the SharePoint site.
1. Save the SSL certificate file (your_domain_name.cer) to the server on which the CSR was generated.
2. Open Internet Information Services (IIS) Manager. From the Start screen, type and click Internet Information Services (IIS) Manager.
3. In Internet Information Services (IIS) Manager, under Connections, select your server’s Hostname.
4. In the center menu, in the IIS section, double-click the Server Certificates icon.
5. In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate wizard.
6. On the Specify Certificate Authority Response page, under File name containing the certification authority’s response, click … to browse to the .cer certificate file that TRUSTZONE sent you, select the file, and then, click Open.
7. Next, in the Friendly name box, enter a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
Note: We recommend that you add TRUSTZONE and the expiration date to the end of your friendly name, for example: yoursite-trustzone-expirationDate. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
8. Next, in the Select a certificate store for the new certificate drop-down list, select Personal.
9. To install the SSL Certificate to the server, click OK.
10. Once you have successfully installed the SSL Certificate to the server, you still need use IIS to assign or bind that certificate to the SharePoint site.
USING IIS 8 TO ASSIGN THE CERTIFICATE TO THE SHAREPOINT WEBSITE
1. In Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then select the SharePoint site.
2. In the Actions menu, under Edit Site, click Bindings.
3. In the Site Binding window, click Add.
4. In the Add Site Bindings window, enter the following information:
- Type: In the drop-down list, select https.
- IP address: In the drop-down list, select All unassigned. If your server has multiple IP addresses, select the one that applies.
- Port: Enter 443, unless you are using a non-standard port for SSL traffic.
- SSL certificate: In the drop-down list, select the friendly name of the certificate that you just installed.
5. When you are finished, click OK.
6. Now you need to install the root certificate on your SharePoint server.
USING SHAREPOINT 2013 TO INSTALL THE ROOT CERTIFICATE
1. Log into the TRUSTZONE portal (your account).
2. In the TRUSTZONE portal, under Order, click the order number for the SSL certificate that you just installed.
3. On the My Orders tab, click Download.
4. In the Download Certificate section, click the Download or Copy/Paste Individual Certificates link.
5. Next, click the ROOT CERTIFICATE icon.
6. In the Opening TrustedRoot.crt window, click Save File to save the file to your SharePoint server.
7. Next, open SharePoint 2013 Central Administration. From the Start screen, type and click SharePoint 2013 Central Administration.
8. In SharePoint 2013 Central Administration, in the menu on the left, click Security and then, under General Security, click Manage trust.
9. On the Trust Relationships page, in the menu at the top of the page, click New.
10. In the Establish Trust Relationship window, in the General Setting section, in the Name box, type the name that you want to give the SSL Certificate.
11. In the Root Certificate for the trust relationship section, click Browse to browse for and select the root certificate (i.e. TrustedRoot.crt).
12. In the Establish Trust Relationship window, click OK.
13. If the certificate is installed successfully, it should be listed on the Trust Relationships page.
TEST YOUT INSTALLATION
If your web site is publicly accessible, our SSL Labs can help you diagnose common problems.
Last updated: August 21, 2017