How to Create HTTPS/SSL enabled WebApplication with HostHeader in SharePoint 2013 Using PowerShell

Sathish Nadarajan
 
Solution Architect
January 9, 2014
 

In earlier articles, we saw how to create various types of web applications, so hopefully that is familiar by now. Here I faced another challenge and thought of sharing it with the community.

The requirement was this: I want a web application whose URL looks like https://MYDevelopmentSite.ss.loc:1000/Sites/MyDeveloperSite instead of https://Servername:1000/Sites/MyDeveloperSite. We may think this is very simple. I thought the same, that it would be straightforward. But the problem here is that the site is SSL-enabled.

Let us see how to create the web application using PowerShell, and then discuss the problem and the error we ran into.

 # Windows claims authentication provider for the new web application.
 $ap = New-SPAuthenticationProvider
 
 # -SecureSocketsLayer makes the web application HTTPS; no certificate is bound at this point.
 New-SPWebApplication -Name "MyDevelopmentSite" -DatabaseName "WSS_Content_MyDevelopmentSite" -HostHeader "MyDevelopmentSite.DC07.Loc" -Port 4001 -ApplicationPool "MyDevelopmentSite" -ApplicationPoolAccount "DC07SPFarm" -URL "https://MyDevelopmentSite.DC07.Loc" -AuthenticationProvider $ap -SecureSocketsLayer
 

This creates the web application with a host header. The URL of the web application will be https://MyDevelopmentSite.dc07.loc:4001/

Let us go to Central Administration to confirm whether the web application has been created.

Yes, it was created.

Now, let us create a site collection on this web application with the script below.

 # Look up the Product Catalog site template.
 $template = Get-SPWebTemplate "PRODUCTCATALOG#0"
 
 #$template
 
 # Create the site collection under the host-header web application.
 New-SPSite -Url "https://MyDevelopmentSite.DC07.Loc:4001/sites/ProductCatalogTestSite" -OwnerAlias "Administrator@dc07.loc" -Template $template -Name "Product Catalog Test Site"
 

The site collection has been created. Now, try accessing the site collection at the URL specified above.

When we try to access this URL, we see an error message.

“The Webpage is not available” is a very weird error. I know everyone gets angry on seeing it. But once we have faced it, it turns out to be a very simple one.

The reason is that the site is SSL-enabled, but so far we have not bound any certificate to this web application. Let us do that in IIS. The steps are as follows.

1. Open inetmgr.

2. Create an SSL certificate. To create one, have a look at this article.

3. Bind the certificate to the web application we created. Refer here to do that.

Once we are done with the binding and try opening the page again, we may still not have a smile on our face. The page below will be shown on our screen.

You attempted to reach mydevelopmentsite.dc07.loc, but instead you actually reached a server identifying itself as C4968397007.DC07.Loc. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of mydevelopmentsite.dc07.loc.


When we see this kind of error, the first thing to check is the certificate. The certificate which we created from IIS (a self-signed certificate) is the one causing this error. If you look at the certificate, the “Issued To” field is the machine name.

Now we need to change the “Issued To” field, which we cannot do for a self-signed certificate. At that point there is no other way: we need to create a domain certificate. For that, we require a domain Certificate Authority. We have already seen enough about the Certificate Authority and domain certificates in the previous posts.

For reference, I am giving the links here.

https://www.sharepointpals.com/post/Installing-Certificate-Authority-by-Active-Directory-Certificate-Services-on-Windows-Server-2008-R2

https://www.sharepointpals.com/post/Creating-a-Domain-Certificate-from-Certificate-Authority-through-IIS-Server

https://www.sharepointpals.com/post/Creating-a-Domain-Certificate-from-Certificate-Authority-through-MMC

Let us assume that we are creating the domain certificate from IIS itself, since that is the easiest approach. The important thing to note is the “Common Name”.

This should match the host header. This is the actual problem.

Now, map the newly created certificate to the web application which we created, and try to log in.

Thus we created a web application with a host header and mapped it to a domain certificate.
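The name check behind that browser warning, as an added example (not the author's code): it compares the host header with the names on a certificate, covering the Subject Alternative Name list as well as the Common Name, since current browsers match on the former. The function names are hypothetical; the two sample names are the ones quoted in this article.

```powershell
function Test-HostNameMatch {
    param(
        [Parameter(Mandatory = $true)][string]$HostHeader,
        [Parameter(Mandatory = $true)][AllowEmptyCollection()][string[]]$CertificateNames
    )
    $hostLabels = $HostHeader.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $CertificateNames) {
        $labels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        if ($labels.Count -ne $hostLabels.Count) { continue }
        $match = $true
        for ($i = 0; $i -lt $labels.Count; $i++) {
            # A wildcard counts only when it is the entire left-most label.
            if ($i -eq 0 -and $labels[0] -eq '*') { continue }
            if ($labels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

function Get-CertificateDnsName {
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # "Issued To" is the subject's common name; SAN entries (OID 2.5.29.17) are added below.
    $names = @($Certificate.GetNameInfo('SimpleName', $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumption: English-language Windows, which formats entries as "DNS Name=...".
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $names | Where-Object { $_ } | Select-Object -Unique
}

$hostHeader = 'mydevelopmentsite.dc07.loc'
# Self-signed certificate from IIS: issued to the machine name.
Test-HostNameMatch -HostHeader $hostHeader -CertificateNames 'C4968397007.DC07.Loc'
# Domain certificate whose Common Name is the host header.
Test-HostNameMatch -HostHeader $hostHeader -CertificateNames 'MyDevelopmentSite.DC07.Loc'
# On the web server: which certificates in the machine store cover the host header?
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $names = @(Get-CertificateDnsName -Certificate $_)
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Names      = $names -join ', '
        CoversHost = Test-HostNameMatch -HostHeader $hostHeader -CertificateNames $names
    }
}
```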

In the next posts, we will see some more interesting requirements which I faced.

Happy Coding.

Sathish Nadarajan.

Author Info

Sathish Nadarajan
 
Solution Architect
 
 
Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 15+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business ...read more
 

Creating a Domain Certificate from Certificate Authority through IIS Server

Sathish Nadarajan
 
Solution Architect
January 3, 2014
 

In the previous article, we saw how to install ADCS and convert our Windows Server 2008 R2 into a Certification Authority server. In this post, let us see how to use that CA to issue a certificate for us.

There are two ways to create a certificate using the CA. In this article, let us see the one through IIS.

Approach I – Through IIS:

In this approach, just as when creating a self-signed certificate, we can create a domain certificate from IIS. The only prerequisite is that Active Directory Certificate Services is installed on the domain. If it is not properly installed, we cannot create a domain certificate: although the Create Domain Certificate link is visible in IIS, the creation will not go through. Let us first see how it fails.

Let us go to the IIS server.

On the right pane, we can see the option Create Domain Certificate. Click it.

We need to fill in all the necessary information. Only then is the Next button enabled.

For documentation purposes, I am entering “test” in all the fields.

When I press Next, we reach the next screen.

Since there is no CA installed, we cannot proceed further.

Now let us see what happens when the CA is installed. (The screenshots were taken from a different environment, hence the server names will not match the previous ones.)

Now the Certification Authority selection button is enabled.

Select the CA which we installed already.

Give a friendly name and click Finish.

The certificate is created.

The major difference, which I wanted to explain, is the “Issued To” field. This field comes from the Common Name which we gave on the first screen.

Hence, if we want a certificate for a specific machine, we need to give the machine name or the full name of the machine (along with the domain) in the Common Name field. The other fields do not have much impact.

Another, much more important difference is renewal.

Of the certificates in the screenshot, only “Test” is a domain certificate. The remaining two are self-signed certificates. To identify them, select a certificate and right-click it: on a self-signed certificate you cannot find an option to renew. Only domain certificates can be renewed. Self-signed certificates cannot be renewed.
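One way to tell self-signed and CA-issued certificates apart without right-clicking each one, as an added example that is not part of the original post: it lists the machine's Personal store and flags certificates whose subject equals their issuer, along with key size and days to expiry. The function name, the 30-day window and the 2048-bit floor are assumptions of this example.

```powershell
function Get-CertificateTriage {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinKeyBits = 2048,   # assumed minimum acceptable key size
        [int]$WarnDays = 30        # assumed warning window before expiry
    )
    process {
        # Subject equal to Issuer means the certificate vouches for itself.
        # (A root CA certificate also matches; it is self-signed by design.)
        $selfSigned = $Certificate.Subject -eq $Certificate.Issuer

        # KeySize is available for RSA/DSA keys; other key types leave it empty.
        $keyBits = $null
        try { $keyBits = $Certificate.PublicKey.Key.KeySize } catch { }

        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            IssuedTo   = $Certificate.GetNameInfo('SimpleName', $false)
            IssuedBy   = $Certificate.GetNameInfo('SimpleName', $true)
            SelfSigned = $selfSigned
            KeyBits    = $keyBits
            WeakKey    = ($null -ne $keyBits -and $keyBits -lt $MinKeyBits)
            DaysLeft   = $daysLeft
            Expiring   = $daysLeft -lt $WarnDays
        }
    }
}

# Certificates closest to expiry come first.
Get-ChildItem Cert:\LocalMachine\My | Get-CertificateTriage |
    Sort-Object DaysLeft | Format-Table -AutoSize
```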

As I mentioned, there are two ways to create a domain certificate. In this post, we saw one of the approaches. We will see the second approach in an upcoming post. Thanks.

Happy Coding.

Sathish Nadarajan.

 

Installing Certificate Authority by Active Directory Certificate Services on Windows Server 2008 R2

Sathish Nadarajan
 
Solution Architect
 

All of us know the importance of certificates in the development environment as well as in the customer’s environment. As developers, we don’t bother about certificates in the customer’s environment. But during development itself we have to deal with certificates frequently. For example, even to create an HTTPS site, we require certificates.

On this subject, we have already seen how to create a self-signed certificate from IIS in this post. But the problem we faced there is the validity of the certificate. The default validity of a self-signed certificate is one year. After one year, there is no option to renew or extend the validity. I could not find any option for AutoCertificateRollover either. (We can discuss that in some other post.)

At the same time, for development we cannot buy a certificate either. In this scenario, if we have a Windows Server 2008 R2 machine (any other server OS will also do; since I used Windows Server 2008 R2, I am explaining with that), we can convert our server into a Certificate Authority server and get certificates from it. We can renew them, choose any template, and so on. There are many more options.

Let us first see how to install Active Directory Certificate Services. As usual, the step-by-step procedure is as follows.

1. Open the Server Manager.

2. Select Roles, then Add Roles.

3. Select Active Directory Certificate Services.

4. The installation wizard will begin.

5. Select the services. The basic ones we require are Certificate Authority and Certification Authority Web Enrollment.

6. To install the Web Enrollment service, certain IIS-related services need to be installed. Click Add Required Role Services.

7. Now, go to the next screen.

8. Select Enterprise, since we are going to use the existing Active Directory.

9. Select Root CA. This Certification Authority is going to be the root for any other sub Certification Authority in future. As far as the development machine is concerned, we don’t need to worry about this. We can proceed with Root CA.

10. Select New Private Key.

11. The encryption methods: leave them at the defaults. The only thing to note here is the key character length. To be on the safe side, always keep the length at no less than 2048.

12. Give the name of the CA, the certificate prefixes, etc. Mostly, keep the defaults.

13. Validity of the certificate: give whatever you require. Even if you give a smaller value, we can renew the certificate.

14. Location of the database files.

15. Confirm and proceed with the installation.

Verifying the Installation.

Once the installation has succeeded, we need to verify it. To do so, we can go to Server Manager again and check that the role has been added.

To verify the Certification Authority itself, the following steps will help us.

1. Go to Run and type MMC.

2. The Management Console will open. In it, choose Add Snap-in.

3. Add Certification Authority and select Local.

4. It will get added.

5. Now you can see all the certificates which were issued, pending requests, certificate templates, etc.

We will see how to create a certificate using this Certification Authority in the following posts.

Happy Coding.

Sathish Nadarajan.
