SharePoint Geek » ssl

Host Header On SSL Sites

Stewart Schatz — Thu, 24 Jun 2010 17:18:00 +0000

This is an update to our previous post (Enable Host Headers On An SSL/HTTPS Site). Which used the following command to enable host headers on SSL sites:

cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:"

I ran into some issues with using SecureBindings with the Sharepoint Central Administration sites so I thought I would post some of the other commands that I used:

To find out what bindings are on a site use the following command:

cscript.exe adsutil.vbs get w3svc//securebindings

To remove the host header from an SSL site use the following command:

cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:"

Tags: IIS, ssl

IIS Admin Error: Handle Is Invalid – Permissions SSL Certificate MachineKeys

Stewart Schatz — Wed, 05 May 2010 18:32:18 +0000

Well, I’ve been trying to setup the External Collaboration Toolkit. All of the instructions tell how to do it as a standalone SharePoint install, but I am trying to get it setup in a SharePoint farm. One of the steps in the instructions is to setup ADAM to act as the authentication for external users. The communications with ADAM need to be SSL encrypted. So, I set it up the way the instructions say and went through the portion that ensures that the UserID that runs the ADAM service has access to the SSL Certificates.

That’s when I must have went wrong. Somehow, I removed access to the SSL Certificates from the service that runs the IIS Admin service. So, when I rebooted, IIS would not start. The only thing that was in the event log was:

Handle is invalid

Real helpful, huh?

Luckily, I was able to find Microsoft KB Article #278381. The basic thing is that I needed to reset the security on the SSL Certificates. Below is an explaination:

The MachineKeys are at the following location:
All Users Profile\Application Data\Microsoft\Crypto\RSA

The following settings are the default permissions for the MachineKeys folder:

Administrator	(Full Control)	This folder only
Everyone	(Special)	This folder, subfolders, and files
SYSTEM	(Full Control)	This folder, subfolders, and files

To view the special permissions for the Everyone group, right-click the MachineKeys folder, click Advanced on the Security tab, and then click View/Edit. The permissions consist of the following permissions:

List Folder/Read Data
Read Attributes
Read Extended Attributes
Create Files/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Read Permissions

Select the Reset Permissions on all Child objects and enable propagation of inheritable permissions check box.

Tags: adam, External Collaboration Tool-Kit, IIS, ssl

Enable Host Headers On An SSL/HTTPS Site

Stewart Schatz — Fri, 26 Feb 2010 16:11:27 +0000

The other day we came across an issue where a user inadvertently inserted a “https” in the URL of a SharePoint site. The resulting page that was displayed was the Central Administration site.

The only site that is secured with SSL on our SharePoint servers is the Central Admin site. The Central Admin site also has a host header. So, I thought that all traffic on port 443 would require the correct host header for Central Admin to respond.

I was wrong.

I was able to find a script on Microsoft TechNet that will enable host headers for SSL sites. Run the following from the commandline:

cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:"

Where <host header> is the host header for the Web site and is the site’s unique identifier.

You will find the adsutil.vbs file in several places but you should probably use the one located at C:\Inetpub\AdminScripts.

IIS 6.0

IIS 7.0

Tags: Central Administration, IIS, Sharepoint, ssl, wss

SharePoint Geek » ssl

Host Header On SSL Sites

Related posts

IIS Admin Error: Handle Is Invalid – Permissions SSL Certificate MachineKeys

Related posts

Enable Host Headers On An SSL/HTTPS Site

Related posts