SharePoint 2013 – SSL Hosted App Web
SharePoint 2013 App Development requires an “App Web” for the actual code to be hosted when building apps. The default approach has been to simply create a web application that is tied to the server name such as http://SPDEV2013 and run the apps over plain HTTP. However in various situations, especially for public facing applications you would really want to run this over SSL. To enable this there are various ways of doing this. The way I choose to do it is as follows:
- Create the DNS Entries you need for the “App Web”
- Firstly we need to create the new “Zone” that we want to use, for this I am going to use “appssps.int”
- Open “DNS Manager”, expand the server name then right click “Forward Lookup Zones” and choose “New Zone”
- Add the name you wish to use for me I used “appssps.int”
- Now we need to add a record that will allow wildcard use of the domain
- Right click the domain zone and choose “New Alias (CNAME)”
- There is plenty of conversation of whether you should use a “CNAME” record or an “A” record and you can see that and make a decision yourself, for this example however I am using the “CNAME”
- Follow the wizard by adding the following, with obvious changes for your domain and DNS Server
- Now we need to select the server so it all maps together, notice we set it to the server on the core domain not the new domain we will use for hosting the apps
- Now to test this we can simply ping anything like this:
- It should respond the correct IP Address, if not and you have multiple IP addresses on the server then reset the DNS entry using the right IP Address. For example mine should be sing an internal IP of 18.104.22.168, not the NAT address it picked up from the other NIC in my Server.
- Now that we have core networking and DNS setup, we now need to provision a web application within the current SharePoint Solution. I won’t go through these steps as this is well documented. The key here though is to NOT create a site collection at all.
- My Web Application is now created set to 443 as the port and a URL of https://apps.sps.int.
- Now we need to create a wildcard certificate unless you already have one
- Open up “IIS” and select the root node then select the “Server Certificates” icon
- Now based on how your environment is configured you may have to import a purchased certificate, create a self-signed one or create a domain certificate instead. I created a domain certificate as I have my own Certificate Authority.
- You will notice that the certificate is a wildcard one for the domain I want to host the apps on. It was generated using my certificate authority
- Now we need to assign the certificate to the IIS website
- I am using specific IP Addresses for the SSL binding, which just makes my life a little easier segmenting the traffic.
- The SSL Certificate is set to the wildcard one we created earlier
- Now we need to configure SharePoint to use this for hosting apps.
- To actually setup the SharePoint side of it you can find instructions over on MSDN.
- The only changes needed to those instructions is just to add the right values.
- When accessing the “App” link in Central Administration you should see the following settings:
- Once it is all configured you can now purchase an app such as the “Corporate News App”
- Opening fiddler will show the paths being requested and rendering
- You will see the initial request using the “_layouts/15/appredirect.aspx” page
- Then it loads the request using HTTPS for the actual app to load
- When you hit the final app, the URL is running over HTTPS
Hope this helps in getting your apps to run over SSL as they should. J