A SharePoint 2007 development can get quite complex depending on the business case and requirements of your customer. Last year I have worked on a few SharePoint 2007 solutions. During the development I have noticed that it is extremely helpful if you know how the customer's infrastructure will look like. It will help you even more if you will configure your development environment to resemble the customer's infrastructure as much as possible.
One of the things you should definitely consider is working with anonymous access and SSL support from the very beginning if applicable because they have major impact on the custom code you might need to create. Examples of the things you should be considering are Regular Expression for url parsing and privileges elevation if required to access some of the SharePoint properties. Finding out that your solution doesn't work in the real environment might be painful – especially if it's after it all has been deployed.
Setting up anonymous access in SharePoint 2007 is really straight forward and can be done by turning on two checkboxes. It is a bit more difficult to set up a working SSL certificate on your development machine though. It's all get difficult if you don't have the access to a server issuing certificates and all you want is a dummy certificate for development purposes only.
Let's begin with creating a new SharePoint 2007 Web Application which will use SSL:
The most important here is setting up the port to 443 and enabling SSL support. Configuring these settings correctly should automatically create the correct load balanced url beginning with https and ending with :443.
Now we have the Web Application, we are ready to create and link the SSL certificate. I have assumed you don't have access to a certificate server and you need to create an SSL certificate by yourself. To do so, you will first of all need the IIS 6.0 Resource Kit Tools. It contains a tool called SelfSSL which will create and link the dummy SSL certificate. After the installation you are almost ready to run the tool. The last detail you need to have is the ID of your Web Application which is required by SelfSSL. You can obtain it quite easily by running the IIS Manager > Properties of your Web Application and then opening the Logging Properties dialog.
The Web Application ID is the long number following W3SVC and in our case is 75208739:
Now we have all the details we must run SelfSSL by calling from the command prompt:
SelfSSL.exe /S:75208739 /T /Q
The SSL certificate will get automatically created and linked to our Web Application which will allow us to work with SharePoint through SSL.
Summary
Making your SharePoint 2007 development environment resemble the customer's production environment turns very useful during custom development. It allows you to debug your solution earlier and much more accurately. Furthermore you are able to test your deployment procedure much earlier in your development process what will spare you some unpleasant surprises afterwards.
Configuring anonymous access and SSL support if applicable isn't very difficult and covers the most common development issues. It is therefore worth making an integral part of your SharePoint 2007 development environment initiation.
April 21st, 2008 at 9:46 am
thank you for your help !
May 20th, 2008 at 5:16 pm
I have an existing intranet site on port 80 i would like to implement SSL, but when i go to extend the web application the use an existing web application is greyed out. I also dont see choose existing app pool. Can you help
May 21st, 2008 at 7:14 am
Using SSL has actually nothing to do with extending your site. As soon as you check the 'Use SSL' checkbox in Central Administration and configure SSL in IIS it will work. You don't have to extend the site.
June 4th, 2008 at 12:17 pm
Hi,
Very nice post that you have done.
But I just want to clarify one question.
Implementing SSL to an existing web application is just easy as:
"As soon as you check the ‘Use SSL’ checkbox in Central Administration and configure SSL in IIS it will work."
or there is any more configurations to do?
Thank you very much.
June 4th, 2008 at 12:40 pm
It is all you have to do regarding the server and Web Application configuration. The remaining part is attaching the certificate. You can either attach an existing one or create a new one for development purposes using the SelfSSL tool from the IIS Resource Kit.
June 4th, 2008 at 1:06 pm
Thank you Waldek, that is all I need to know.
July 8th, 2008 at 9:33 pm
What's the proper way to set up SSL if the web application has already been set up? I don't see anywhere in MOSS that you can modify the web app to check the SSL box.
July 9th, 2008 at 1:04 pm
I would say that all you have to do is to modify the Alternate Access Mappings for the Web Application to point to the https and then install the certificate in IIS.
January 8th, 2009 at 5:53 pm
Was anyone able to confirm that modifying the AAM to point to https, and installing the certificate in IIS worked to enable https for the site.
Would you also recommend redirecting from http to https in IIS?
Thanks.
February 3rd, 2009 at 6:03 am
The one limitation that I've found with regard to the modifying the alternate access mappings after the fact is that if you happen to "disconnect" the configuration database and reconnect it, you end up resynchronizing the settings that are stored in the configuration db. In doing so it will drop the SSL certificates – it will still have https://foo in the AAM, but you'll have to reload the certificate in IIS for the associated web application.
Brett – works like a champ, I've done it several times.
June 1st, 2009 at 6:42 am
Does anyone have any idea why MS have chosen to lock down the editing of certain settings after a web app has been created?? i.e. port, host header, SSL etc
Failing that, could you just use the \'https\' AAM hack described above and then hack the entry in the DB? [Yes, I know this is unsupported but it\'s also bloody frustrating!]
September 1st, 2009 at 11:55 pm
is it necessary to use 443 if i use the port as 443 it says the site is stopped when i install certificate do suggest me the best way can i use any other port
September 2nd, 2009 at 5:52 am
@raj: I've been using 443 in my environment all the time. Could you provide some more information on your setup and the error you're getting?
September 24th, 2009 at 9:17 am
hi,
good post; is there a way where i just want to use SSL on specific pages in a sharepoint site and not for all the pages in that site?
September 24th, 2009 at 6:46 pm
@bhavtosh: although I think I've heard of something similar being done, I haven't done it myself. I guess you would just have to use your favorite search engine for that…
September 24th, 2009 at 6:51 pm
@bhavtosh (via @Waldek) to be able to use SSL on a single page gets pretty tricky and would require a bit of work on IIS configuration so that you were making a particular directory pages 443 enabled whereas the rest of the web application was not.
February 3rd, 2010 at 10:34 am
Hi Waldek,
I already had a web application and a site collection in it. In order to add https to my sharepoint site I changed the URL of my web application to https from http in the AAM and the assigned the SSL certificate using selfssl.exe tool. But after this when I opened the site collection the page is not getting displayed. Can you please help me out. Thank you.
January 12th, 2011 at 11:31 am
Hi Waldek,
I have gone through all the steps in the wizard. I have problem of installing sslself.exe.
I have been to the directory of installed SSL and open the same directory on command prompt.
While trying to run SSLSelf.exe, it comes up with error, cannot recognize the SSLSelf.exe.
Could you point me, what I have been missing.
Thank you.
Hari Gillala
January 12th, 2011 at 11:45 am
@Hari Gillala: have you tried selfssl.exe instead?