Self-Signed certificates provides encryption between the two ends. Technically, self-signed certificate are signed with its own private key. Often they are used in ADFS configuration. We may also have to use self-signed certificates in DEV-Test environments and for evaluations purposes. Lets see how to create a self-signed certificate using IIS.
Never use self-signed certificate on production sites!
How to create self-signed certificate for SharePoint 2013?
Let’s see, how to create a self-signed certificate in IIS step by step:
- Open IIS Manager, Click on Server name in the Left navigation Tree, Open “Server Certificates” widget
- From the Right pane, Click on “Create Self-Signed Certificate” link
- Enter the details for your self-signed certificate. Click on “OK” to create self-signed certificate from IIS.
That’s all. You’ll find the new self-signed certificate generated and listed in Server Certificates. By default, its validity is for 1 year with common name (Issued To) to the server name.
New-SelfSignedCertificate -certstorelocation cert:localmachinemy -dnsname uat.crescent.com
How to Bind SSL Certificate with SharePoint Web Application?
Now, our certificate is ready to use! You can bind it with any web application or export-import it to a secure trusted identity provider or while publishing service applications. Let’s see how to bind the certificate with any SharePoint web applications.
- Open IIS >> Select your target web application
- From right pane, Select Bindings link. Click on “Add” button.
- Select the certificate you created in the previous step from the SSL certificate dropdown.
You have to repeat these steps in all your web front ends and application servers.
How to establish a Trust by Importing the Certificate?
- From SharePoint Central Administration > Navigate to Security > Manage Trust
- Click New > Enter Name and specify the location for the certificate for “Root Certificate for the trust relationship” and Click OK.
You can achieve the same with PowerShell:
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:SharePoint.cer ") New-SPTrustedRootAuthority -Name "SharePoint Certificate" -Certificate $Cert
How to copy a certificate? Just double click on the Certificate from IIS, Go to details tab and click copy to file!