SharePoint 2013 – SSL Hosted App Web

SharePoint 2013 app development requires an “App Web” to host the actual code when building apps. The default approach has been to simply create a web application that is tied to the server name, such as http://SPDEV2013, and run the apps over plain HTTP. However, in various situations, especially for public-facing applications, you would really want to run this over SSL. There are various ways to enable this. The way I chose to do it is as follows:

  1. Create the DNS entries you need for the “App Web”
  2. Firstly we need to create the new “Zone” that we want to use; for this I am going to use “appssps.int”
  3. Open “DNS Manager”, expand the server name, then right click “Forward Lookup Zones” and choose “New Zone”

     

  4. Add the name you wish to use; for me, I used “appssps.int”
  5. Now we need to add a record that will allow wildcard use of the domain
  6. Right click the domain zone and choose “New Alias (CNAME)”


  7. There is plenty of discussion about whether you should use a “CNAME” record or an “A” record; you can read that and make a decision yourself. For this example, however, I am using the “CNAME”
  8. Follow the wizard by adding the following, with obvious changes for your domain and DNS Server


  9. Now we need to select the server so it all maps together. Notice we set it to the server on the core domain, not the new domain we will use for hosting the apps


  10. Now to test this we can simply ping anything like this:

     

  11. It should respond with the correct IP address. If not, and you have multiple IP addresses on the server, then reset the DNS entry using the right IP address. For example, mine should be using an internal IP of 13.13.0.101, not the NAT address it picked up from the other NIC in my server.


  12. Now that we have core networking and DNS set up, we need to provision a web application within the current SharePoint solution. I won’t go through these steps as this is well documented. The key here, though, is to NOT create a site collection at all.

  13. My web application is now created, set to 443 as the port and a URL of https://apps.sps.int.
  14. Now we need to create a wildcard certificate unless you already have one
  15. Open up “IIS” and select the root node then select the “Server Certificates” icon

  16. Now based on how your environment is configured you may have to import a purchased certificate, create a self-signed one or create a domain certificate instead. I created a domain certificate as I have my own Certificate Authority.

  17. You will notice that the certificate is a wildcard one for the domain I want to host the apps on. It was generated using my certificate authority
  18. Now we need to assign the certificate to the IIS website

  19. I am using specific IP Addresses for the SSL binding, which just makes my life a little easier segmenting the traffic.
  20. The SSL Certificate is set to the wildcard one we created earlier
  21. Now we need to configure SharePoint to use this for hosting apps.
  22. To actually set up the SharePoint side of it you can find instructions over on MSDN.

    http://technet.microsoft.com/en-us/library/fp161236.aspx

  23. The only change needed to those instructions is to add the right values.
  24. When accessing the “App” link in Central Administration you should see the following settings:


  25. Once it is all configured you can now purchase an app such as the “Corporate News App”

  26. Opening Fiddler will show the paths being requested and rendering

  27. You will see the initial request using the “_layouts/15/appredirect.aspx” page
  28. Then it loads the request using HTTPS for the actual app to load
  29. When you hit the final app, the URL is running over HTTPS

    https://app-8381dbb6014bb5.appssps.int/CorporateNewsApp/Pages/Default.aspx?SPHostUrl=https%3A%2F%2Fportal%2Esps%2Eint&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4517%2E1005&SPAppWebUrl=https%3A%2F%2Fapp%2D8381dbb6014bb5%2Eappssps%2Eint%2FCorporateNewsApp
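
A way to check a captured app launch URL like the one above, added here as an example and not part of the original walkthrough: it confirms that the app page, `SPHostUrl` and `SPAppWebUrl` are all HTTPS and that the app host is a name a single-label wildcard certificate can cover. The wildcard name `*.appssps.int` is an assumption taken from the zone created in the DNS steps, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the wildcard certificate was issued for the app zone from the DNS steps.
WILDCARD = "*.appssps.int"

# The final app URL as shown in the post's Fiddler trace.
APP_URL = ("https://app-8381dbb6014bb5.appssps.int/CorporateNewsApp/Pages/Default.aspx"
           "?SPHostUrl=https%3A%2F%2Fportal%2Esps%2Eint&SPLanguage=en%2DUS&SPClientTag=0"
           "&SPProductNumber=15%2E0%2E4517%2E1005"
           "&SPAppWebUrl=https%3A%2F%2Fapp%2D8381dbb6014bb5%2Eappssps%2Eint%2FCorporateNewsApp")


def wildcard_covers(pattern, host):
    """RFC 6125 style match: '*' stands for exactly one left-most DNS label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if p[0] != "*":
        return p == h
    return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]


def check_app_launch(url, pattern=WILDCARD):
    """Return a list of findings for one app launch URL; an empty list means clean."""
    findings = []
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # also decodes the %-encoded SP* parameters
    if parts.scheme != "https":
        findings.append("app page requested over " + parts.scheme)
    if not wildcard_covers(pattern, parts.hostname or ""):
        findings.append("certificate " + pattern + " does not cover " + str(parts.hostname))
    for key in ("SPHostUrl", "SPAppWebUrl"):
        for value in query.get(key, ["<missing>"]):
            target = urlsplit(value)
            if target.scheme != "https":
                findings.append(key + " missing or not HTTPS: " + value)
            elif key == "SPAppWebUrl" and target.hostname != parts.hostname:
                findings.append("SPAppWebUrl host differs from the app host: " + value)
    return findings


if __name__ == "__main__":
    ok = ["OK: HTTPS end to end, host covered by " + WILDCARD]
    for line in check_app_launch(APP_URL) or ok:
        print(line)
```

The wildcard covers only one label, so the zone apex `appssps.int` and any deeper name such as `x.app-1.appssps.int` would fail the check and need their own certificate entries.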

Hope this helps in getting your apps to run over SSL as they should.

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, Raspberry Pi programming, hacking the planet and sometimes building Lego robots.
