SharePoint 2013 Domain Certificate for Provider-Host App Development Environment

Creating Self-Signed (domain) Certificate for Provider-Hosted App


This is the certificate that will be used on the IIS site to make it an SSL-enabled site. It is different from the one used to create the STS security tokens. If the certificate is not created with the proper domain in its subject name, you will have issues when SharePoint calls the app event receivers, because the TLS name check against the app host fails. To create the certificate and set it up in IIS, follow the instructions below:

  1. Open the Visual Studio Developer Command Prompt and run the following commands. makecert creates the certificate in the Local Machine Personal store and writes the public .cer file; certmgr then adds that .cer to Trusted Root Certification Authorities:

makecert -r -pe -n "CN=spapps.rchen.com" -b 01/01/2013 -e 01/11/2015 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" "D:\Certs\SPAppCert.cer"

certmgr /add "D:\Certs\SPAppCert.cer" /s /r localMachine root

*** Replace the domain (spapps.rchen.com) with your own domain, and the file path with the location where the new certificate should be written.

  2. Open MMC.exe and add the Certificates snap-in (Local Computer)
    1. Copy the new certificate from the "Personal/Certificates" folder to the "Trusted Root Certification Authorities/Certificates" folder (if certmgr already placed it there, just verify it is present).
  3. Open IIS Manager
    1. Verify your domain certificate is listed under Server Certificates
    2. Bind it to your IIS site (HTTPS binding)
  4. Add the certificate to the SharePoint trusted root authorities through Central Admin
    1. Security -> Manage trust -> New
    2. Enter a name and browse to the certificate. Click OK
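The same provisioning, done with PowerShell instead of makecert, certmgr and the MMC snap-in. This is an added example, not code from the original post: the app host name, IIS site name and output folder are placeholders, the PKI and WebAdministration modules are assumed to be available (Windows Server 2012 or later), and the SharePoint snap-in is assumed to be present because the script runs on a SharePoint server. The New-SelfSignedCertificate call uses only -DnsName and -CertStoreLocation so it works on the Server 2012 version of the cmdlet; the resulting certificate is valid for one year by default. The .pfx export at step 3 also covers the case described in the note at the end of the post, where the certificate is generated on one machine and installed on another.

```powershell
# Added example (not from the original post): provision the provider-hosted
# app domain certificate with PowerShell. Assumptions: the values below are
# placeholders; PKI and WebAdministration modules exist (Server 2012+); the
# SharePoint snap-in is available on this server. Run from an elevated prompt.

$appHost  = "spapps.rchen.com"       # replace with your app domain
$siteName = "SPApps Site"            # replace with your IIS site name
$certDir  = "D:\Certs"               # replace with your output folder
$pfxPass  = Read-Host -Prompt "PFX export password" -AsSecureString

# 1. Create the self-signed certificate in LocalMachine\My (the "Personal"
#    folder in MMC). -DnsName puts the app domain in both the subject and the
#    Subject Alternative Name, which is what the event receiver call checks.
$cert = New-SelfSignedCertificate -DnsName $appHost -CertStoreLocation "cert:\LocalMachine\My"
Write-Host "Created certificate with thumbprint $($cert.Thumbprint)"

# 2. Trust it locally: add the same certificate to LocalMachine\Root
#    (equivalent to: certmgr /add <file> /s /r localMachine root).
$root = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
$root.Open("ReadWrite")
$root.Add($cert)
$root.Close()

# 3. Export the public certificate (.cer) for Central Admin or other servers,
#    and a password-protected .pfx with the private key for the web front ends.
New-Item -ItemType Directory -Path $certDir -Force | Out-Null
Export-Certificate    -Cert $cert -FilePath (Join-Path $certDir "SPAppCert.cer") | Out-Null
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $certDir "SPAppCert.pfx") -Password $pfxPass | Out-Null

# 4. Bind it to the IIS site on port 443. The SslBindings drive maps
#    IP!port to a certificate; 0.0.0.0 means every address on the server.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $appHost
}
if (Test-Path "IIS:\SslBindings\0.0.0.0!443") { Remove-Item "IIS:\SslBindings\0.0.0.0!443" }
Get-Item "cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item "IIS:\SslBindings\0.0.0.0!443" | Out-Null

# 5. Register it as a SharePoint trusted root authority
#    (Central Administration -> Security -> Manage trust -> New).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
New-SPTrustedRootAuthority -Name "SPApps Domain Certificate" -Certificate $cert | Out-Null

# 6. Sanity check: the subject must name the app host exactly, and a copy of
#    the certificate must be in Root, otherwise the event receiver call fails
#    with the "Could not establish trust relationship" error shown below.
$inRoot = Get-ChildItem "cert:\LocalMachine\Root" | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($cert.Subject -ne "CN=$appHost" -or -not $inRoot) {
    Write-Warning "Certificate subject or trust is not as expected; event receiver calls will fail."
} else {
    Write-Host "Certificate provisioned for $appHost (expires $($cert.NotAfter))"
}
```

On a multi-server farm, run steps 1 to 3 once, then import the exported .pfx into Personal and Trusted Root on each web front end and repeat step 4 there; step 5 is farm-wide and only needs to run once.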

Errors for Invalid Certificate

If your certificate was not issued for the correct domain, or is otherwise invalid (untrusted issuer, expired), you will likely get the following errors.

Event Viewer

An operation failed because the following certificate has validation errors:

Subject Name: CN=server.domain
Issuer Name: CN= server.domain
Thumbprint: C1E2B38AC0D7F56AEA8906FFA2060AF4E67071E7

Errors:

 SSL policy errors have been encountered.  Error code '0x2'..

ULS Log


12/10/2013 09:36:28.74 OWSTIMER.EXE (0x3CF4)                     0x30B8 SharePoint Foundation              Topology                                  8311     Critical  An operation failed because the following certificate has validation errors:  Subject Name: CN= server.domain Issuer Name: CN= server.domain Thumbprint: B75C19AA3D4CCE373AF8C86D8525212464A6BFF6  Errors:   SSL policy errors have been encountered.  Error code '0x6'..            6d253d23-f72f-4173-a9a6-79aeaab7e557

12/10/2013 09:36:28.74 OWSTIMER.EXE (0x3CF4)                     0x30B8 SharePoint Foundation              Dev Events                                ajmb6   High    Calling remote event receiver failed. URL = [https://siteUrl/Branding/Services/AppEventReceiver.svc], App Identifier = [i:0i.t|ms.sp.ext|904aa6d3-df40-4d3f-9c09-9880e54ff978@ff5b3346-91e8-4dc3-926d-25c3116cfba6], Event Type = [AppInstalled], Exception = [Could not establish trust relationship for the SSL/TLS secure channel with authority 'spapps.rchen.com'.]     6d253d23-f72f-4173-a9a6-79aeaab7e557
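A way to reproduce and decode what the log entries above report, as an added example that is not part of the original post. It performs the same kind of TLS validation SharePoint does when it calls the event receiver URL, and records the validation outcome instead of hiding it. It assumes the hex value in "Error code '0x2'" is the .NET SslPolicyErrors flag value (0x1 = no certificate presented, 0x2 = name mismatch, 0x4 = chain or trust errors, so 0x6 = name mismatch plus chain errors); the log text suggests this but does not state it. The host name is a placeholder.

```powershell
# Added example (not from the original post): check the app host's TLS
# certificate the way a .NET caller such as OWSTIMER would, and decode the
# SslPolicyErrors value. Assumption: the "Error code" in the ULS/Event Viewer
# entries is the SslPolicyErrors flag value. Host name below is a placeholder.

function Decode-SslPolicyError {
    param([int]$Code)
    $flags = @()
    if ($Code -band 1) { $flags += "RemoteCertificateNotAvailable (no certificate presented)" }
    if ($Code -band 2) { $flags += "RemoteCertificateNameMismatch (subject/SAN does not match host name)" }
    if ($Code -band 4) { $flags += "RemoteCertificateChainErrors (issuer not trusted, expired or revoked)" }
    if ($flags.Count -eq 0) { $flags += "None" }
    return $flags
}

function Test-AppHostCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,   # host name from the event receiver URL
        [int]$Port = 443
    )
    $result = [ordered]@{ Host = $HostName; PolicyErrors = 0; Subject = $null; NotAfter = $null; ChainStatus = @() }

    # The callback records the policy errors and certificate details; it returns
    # $true only so the handshake completes and the certificate can be inspected.
    # GetNewClosure() binds $result so the hashtable is updated in place.
    $callback = {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $result.PolicyErrors = [int]$sslPolicyErrors
        $result.Subject      = $certificate.Subject
        $result.NotAfter     = $certificate.GetExpirationDateString()
        $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        return $true
    }.GetNewClosure()

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback]$callback)
        $ssl.AuthenticateAsClient($HostName)   # the name check compares against this value
        $ssl.Dispose()
    } finally {
        $client.Close()
    }
    return [pscustomobject]$result
}

# Live check against the app host (run on the SharePoint server, where the
# trust store that matters is the one OWSTIMER uses).
$r = Test-AppHostCertificate -HostName "spapps.rchen.com"
"Presented certificate: $($r.Subject), expires $($r.NotAfter)"
"SslPolicyErrors 0x{0:X}: {1}" -f $r.PolicyErrors, ((Decode-SslPolicyError $r.PolicyErrors) -join "; ")
if ($r.ChainStatus) { "Chain status: " + ($r.ChainStatus -join ", ") }

# Decode codes straight from the log text, e.g. "Error code '0x2'" or '0x6'.
Decode-SslPolicyError 0x2   # name mismatch only: certificate not issued for this host
Decode-SslPolicyError 0x6   # name mismatch plus untrusted chain: wrong domain and not in Trusted Root
```

A result of 0x2 means the binding works but the subject (CN=server.domain in the entries above) does not match the host in the event receiver URL; 0x4 on its own means the name is right but the certificate is not in the server's Trusted Root store or has expired.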


*Note: if your environment does not have Visual Studio installed, you can run the following commands on another computer that has the Windows SDK tools (makecert and pvk2pfx) to generate the .cer and .pfx files for the target server. Here the private key is written to a .pvk file instead of the certificate store so that pvk2pfx can package it, together with the certificate, into the .pfx; -pi is the password that protects the .pvk file.

makecert -r -pe -n "CN=spapps.rchen.com" -b 01/01/2013 -e 01/11/2017 -sky exchange -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" -sv "D:\Certs\SPAppCert.pvk" "D:\Certs\SPAppCert.cer"

pvk2pfx -pvk "D:\Certs\SPAppCert.pvk" -spc "D:\Certs\SPAppCert.cer" -pfx "D:\Certs\SPAppCert.pfx" -pi "Password1"

Copy the .pfx to the server, import it manually with the MMC Certificates snap-in (Personal, and Trusted Root Certification Authorities), and bind it to the IIS site as described above.

Comments

Unknown said…
Incredible blog to read.
Sara Smith said…
Hi there, hope you all are doing well. I simply want to give an immense thumbs up for the quality data you have right here on this post. I will likely be coming again to your weblog for more soon. I will recommend this blog to all those who want to learn about SharePoint.

Also I want to share with you 23 Best Dental Websites Built by OptiMized360.
