Hi Rolly,
Yes. Only SQL 2000 is on a different server. Both servers are Windows 2003
SP1.
SSL is enabled via a self-signed certificate for Project, and I'm ordering a
Thawte certificate for it today for other reasons. The SharePoint admin site
is not SSL, but I want to make it SSL. WSS is a work in progress.
Yes.
Ray
OK Ray
It took a while, but here's the procedure:
Step 1 - Install SSL certificate on Project web site
This procedure will assume that: (1)the previous self-signed certificate
has been removed (2)a new IIS Web Server Certificate request has been
made and (3)Thawte has created and sent you the web server certificate.
1. Open IIS Manager and navigate to the Web Sites folder.
2. Right click on Project web site and select Properties.
3. On the Project Properties page, click Directory Security tab and
click Server Certificate.
4. On the Welcome to the Web Server Certificate Wizard page, click Next.
5. On the Server Certificate page, select Process the pending request
and install the certificate and click Next.
6. On the Process a Pending Request page, in the Path and file name box,
type the location of the certificate (for example, c:\newcert.cer) and
click Next.
7. On the SSL Port page, in the SSL port this web site should use box,
type 443 (Standard port for SSL) and click Next.
8. On the Certificate Summary page, click Next.
9. On the Completing the Web Server Certificate Wizard page, click
Finish.
10. On the Project Properties page, under Secure Communication, click
Edit
11. On the Secure Communication page, select the following options and
click OK.
Require secure channel (SSL)
Require 128-bit encryption
(This forces the web site to use SSL)
12. On the Project Properties page, click OK.
Step 2 - Enable SSL certificate on WSS web site
In this procedure we will use the same Thawte SSL Certificate for the
WSS web site as the certificate is based on the web server name and not
the web site name.
1. Right click on WSS web site and select Properties.
2. On the WSS Properties page, click Directory Security tab and click
Server Certificate.
3. On the Welcome to the Web Server Certificate Wizard page, click Next.
4. On the Server Certificate page, select Assign an existing certificate
and click Next.
5. On the Available Certificates page, select the Thawte certificate and
click Next.
6. On the SSL Port page, in the SSL port this web site should use box,
type 444 (The standard port of 443 is already used for Project web site)
and click Next.
7. On the Certificate Summary page, click Next.
8. On the Completing the Web Server Certificate Wizard page, click
Finish.
9. On the WSS Properties page, under Secure Communication, click Edit.
10. On the Secure Communication page, select the following options and
click OK.
Require secure channel (SSL)
Require 128-bit encryption
11. On the WSS Properties page, click OK.
Step 3 - Enable SSL certificate on SharePoint Central Administration web
site
In this procedure we will use the same Thawte SSL Certificate for the
SharePoint Central Admin web site as the certificate is based on the web
server name and not the web site name.
1. Right click on SharePoint Central Admin web site and select
Properties.
2. On the SharePoint Central Administration Properties page, click
Directory Security tab and click Server Certificate.
3. On the Welcome to the Web Server Certificate Wizard page, click Next.
4. On the Server Certificate page, select Assign an existing certificate
and click Next.
5. On the Available Certificates page, select the Thawte certificate and
click Next.
6. On the SSL Port page, in the SSL port this web site should use box,
type 443 (This will cause an error upon refreshing the Web Sites folder,
but we will fix this later using a different technique) and click Next.
7. On the Certificate Summary page, click Next.
8. On the Completing the Web Server Certificate Wizard page, click
Finish.
9. On the SharePoint Central Administration Properties page, under
Secure Communication, click Edit.
10. On the Secure Communication page, select the following options and
click OK.
Require secure channel (SSL)
Require 128-bit encryption
11. On the SharePoint Central Administration Properties page, click Web
Site tab, at the SSL port field, remove 443 and leave blank. (Also write
down the number of the TCP port [mine is 14009], we will need this
number later) and then click OK
12. On the SharePoint Central Administration Properties page, click OK.
Step 4 - Restart SharePoint Central Administration web site
1. At the IIS Manager window, right click the SharePoint Central
Administration and click Stop.
2. At the IIS Manager window, right click the SharePoint Central
Administration and click Start.
Step 5 - Enable SSL for the SharePoint Central Administration
In this procedure we will use the STSADM command-line utility in WSS to
convert to SSL communication for WSS Administration
1. Click Start --> Run, type CMD and click OK.
2. At the Command Line window, type the following and press Enter:
CD\Program Files\Common Files\Microsoft Shared\
web server extensions\60\BIN (all one line)
3. Retrieve the TCP port for the SharePoint Central Administration.
Mine is 14009. The SSL port number will be the TCP Port + 1. So for
example, 14009 + 1 = 14010
3. Type the following command and press Enter:
stsadm.exe –o setadminport -p 14010 –ssl
You should receive an "Operation completed successfully" message.
4. Close the Command Line window.
Step 6 - Changing the Project Server URL
In this procedure we change Project Server URL to use SSL.
1. Launch Internet Explorer
2. Type the following URL: http://<servername>/projectserver
For example, prjsvr is the name of my server so my URL will be:
http://prjsvr/projectserver.
3. You should receive the following error:
The page must be viewed over a secure channel
This tests the Secure Communication configuration change we did in IIS
Manager. If you do not receive the message then there is an error in the
configuration
4. Type the following URL: https://<servername>/projectserver
For example, prjsvr is the name of my server so my URL will be:
https://prjsvr/projectserver.
5. On the Project Web Access home page, click Admin.
6. On the Administration Overview page, click Server Configuration.
7. On the Server Configuration page, at the Enter the intranet and/or
extranet.... section, change Server intranet address to following:
https://<servername>/projectserver and click Save Changes.
Step 7 - Changing the WSS URL in Project Web Access
In this procedure we change the WSS URL used in PWA to use SSL.
1. On the Administration Overview page, click Manage Windows SharePoint
Services.
2. On the Connect to SharePoint server page, type the following URLs in
the corresponding fields and click Save Changes.
SharePoint Central Admin URL:
https://<servername>:<SSL Port Number>
For example,
https://prjsvr:14010
Create a site under this SharePoint URL:
https://<servername>:<SSL Port Number>/sites
For example,
https://prjsvr:444/sites
You should see a Success message
Step 8 - Verifying the changes to previously created Project Sites (WSS)
in Project Web Access
1. On the Connect to SharePoint server page, click Manage SharePoint
sites.
2. On the Manage Windows SharePoint Services sites page, a listing of
previously created project sites are shown. The Site Address for each
project site should be changed to show:
https://<servername>:<SSL Port Number>/sites/projectserver_###
(### is the project ID)
4. Click on Project Site links to verify
3. Close Internet Explorer
Procedure Recap
A. Installed SSL certificate on Project, WSS and SharePoint Central
Administration web sites
B. Forced using SSL for all web sites
C. Used STSADM command-line utility to enable SSL for the SharePoint
Central Administration
D. Changed the Project Server URL within Project Web Access
E. Changed the SharePoint Central Administration URL within Project Web
Access
F. Changed the Project Site URL within Project Web Access
G. Verified and tested all Web connections
Copyright © 2005 Entecorp Inc. All rights reserved
--
Rolly Perreaux, PMP
Project Server Trainer/Consultant
Entecorp Inc.
http://www.entecorp.com