Convert SharePoint CA site port from 2019 to 443
- Mayur Khatale
- Aug 6, 2020
- 3 min read
Please see below example steps to Implement it :
OLD AAM details:
Old IIS bindings:
Central Administration site is a web application where administration activities are performed for the farm. By default, Central Administration runs on non-secure HTTP. Enabling encryption ensures that the communications between users and the central admin website remain secure.
Prerequisite: Of course, You need the SSL certificate! You can use a free domain certificate from an internal CA, but you'll need a SSL certificate from public certificate authorities for public facing sites.
Overall Steps to Change Central Administration from HTTP to HTTPS: The steps to secure Central Administration are as follows:
1. Set SharePoint Central Administration site to use SSL Port 443
2. Assign SSL certificate binding to the Central Admin Web application through IIS.
3. Verify the Alternate Access Mappings to accommodate the port change
Why We should Enable SSL for Central Administration site? To protect sensitive information such as credentials, its essential to enable SSL on SharePoint Central Administration site. While, its a general best practice to protect external facing web applications, its also mandatory to encrypt communications between Central Admin site internally. Otherwise, you will see the following message:
Warning: this page is not encrypted for secure communication. User names, passwords, and any other information will be sent in clear text. For more information, contact your administrator.
Also, If you don't encrypt SharePoint Central Admin site, you risk passing credentials in clear text. Step 1: Set SharePoint Central Administration site to use SSL Port 443 Logon to your SharePoint server hosting SharePoint Central Administration site. By default, the first server you install SharePoint configures Central Administration automatically.
· Open the SharePoint 2019 Management Shell (run as Administrator if UAC is not disabled)
· Enter following cmdlets and run
Set-SPCentralAdministration -SecureSocketsLayer -Port 443
This will reconfigure the SharePoint Central Administration site to use that port with an SSL binding.
Step 2: Assign SSL certificate binding to the Central Admin Web application Import your SSL certificate to IIS: After getting the certificate from either from your internal CA or from public CA authority, Import the certificate through >> IIS >> Server Certifications >> Import
Bind the SSL Certificate with Central Admin Site: As a next step, You'll assign the SSL certificate to the SharePoint Central Administration site. Please note, if you do run Central Admin on more than one server, you'll need to assign the SSL certificate to the web site on each machine.
· Open IIS Manager (Start >> Run >> Type "InetMgr")
· Navigate to SharePoint Central Administration v4 >> Click on "Bindings…" from the right hand panel.
· On the Bindings dialog, click on Edit…
· In the Edit Site Binding dialog, select https from the Type dropdown, leave the IP address as All Unassigned, the Port should say 443. Enter the Host name as cadmin.crescent.com, Select your certificate you imported earlier. Click OK
Step 3: Verify the Alternate Access Mappings When you set the SharePoint central admin to use SSL, SharePoint 2019 automatically modifies the default AAM to point to the new HTTPS URL. E.g. from http://ca.crescent.com to the https://ca.crescent.com. You can verify it once:
· Go to: SharePoint 2019 Central Administration >> Click On Application Management
· Click on "Configure alternate access mappings"
· Click on "Edit Public URLs" >> Pick the SharePoint Central Administration web application >> The default URL should be: https://ca.crescent.com
In case, Central Admin is not accessible, You can add new URL to the AAM binding. Run this PowerShell cmd
Ex: we didn’t use it here ….
New-SPAlternateUrl -WebApplication https://ca-old-url:port -Url https://your-ca-new-url:port -Zone Default
We are going to use UI level to change it as below :
Please check below three blog series related to SharePoint Central Admin High Availability Secure site on Custom port i.e. 443:
ความคิดเห็น