Re: WSS V3 : Configuring AAM for SSL

In case you haven't, read that article to the end.

It starts off (very confusingly in my opinion) with information about ISA Server (and reverse proxy) which most people don't need AAM for, before going on to the more normal things.

But, as you also write that you can get http to work in the way you want, you are no doubt right that the problem is with https only (and the only references to https in that article are all in the ISA/reverse proxy section).

Sorry to offer nothing else. I have looked ...

Mike Walsh

PierreJulien wrote:
Hello Mike
Thanks for the reply. I will respond as best i can to your points.

1/ You hope right, it isnt MOSS just a name.

2/ I am trying to have 2 zones, each with a different authentication providers, and an internet url for browsing.
On the AAM paper i read, they are also using a Default URL identical for Internal and Public, http://sharepoint.
They are using a reverse proxy, so that user browsing https://www.contoso.com are forwarded to http://sharepoint.perimeter.contoso.com then sent to the sharepoint server.
I am not using a reverse proxy, so i skipped the Add Internal URLs.
(Further I am not allowed to Add Internal URLs using http://machinename for Internet zone, i get "The IncomingUrl is already present in the collection.")

3/ My users will browse to https://sharepoint.mydomain.fr/mysite, which by way of DNS is sent to the sharepoint server directly. As i understand, sharepoint will read its AAM bindings looking to find this URL "https://sharepoint.mydomain.fr"; .
It would find it as a public URL for the Internet zone pointing to the extended WebApp so it will load the content of "/mysite" from the content DB.

Before trying this second WebApp with HTTPS, i succeeded with a second WebApp with HTTP only and all went well. The links of the site are with the correct public URL. So i am guessing that i am missing something to specifically use SSL...


"Mike Walsh" wrote:

I hope this "mysite" isn't the MOSS only MySite because then you'd be in the wrong newsgroup!

This

The internal URL for Default zone with the same URL for public.
http://machinename --- Default --- http://machinename

makes no sense at all.

There is no point in having an *Alternate* address that is the same as the default address. What's it converting ?

The whole idea is that you have a different address in Internet which is the address that you use from outside. When you access the site's main page with this different external address it will work because DNS knows how to convert BUT all internal addresses will be pointing at the incorrect external address (and not working) unless you have set AAM.

You should read the paper on AAM here

http://technet2.microsoft.com/windowsserver/WSS/en/library/c8ccffce-5162-46af-a3ef-1d7914e8efee1033.mspx?mfr=true

and think again.

Mike Walsh
WSS FAQ www.wssfaq.com / wss.collutions.com
no private e-mail questions please

PierreJulien wrote:
Hello,

I created a first WebApp on port 80 without host header nor SSL, giving an URL of http://machinename:80 . Then did a iisreset.
I then changed this WebApp managed paths to include in wildcard the root path (/).
I created a first SiteCollection on root as http://machinename/mysite.
The site collection works fine.

I then extended a second WebApp on the first one with port 443, host header and SSL, giving an URL of https://sharepoint.mydomain.fr:443.
Our DNS resolves correctly this URL to the sharepoint machine. This second WebApp is in Internet zone.
I went into IIS on this second WebApp to set the IP address to a fixed one, to write the host header (as it didnt show) and to assign a valid certificate.
Then did a iisreset.

In AAM, i have two lines :

The internal URL for Default zone with the same URL for public.
http://machinename --- Default --- http://machinename

The external URL for Internet zone with the same URL for public.
https://sharepoint.mydomain.fr --- Internet --- https://sharepoint.mydomain.fr

The first SiteCollection created isnt accessible by typing https://sharepoint.mydomain.fr/mysite nor https://sharepoint.mydomain.fr/mysite/default.aspx
IE says it cant display the page

But it is still accessible by typing http://machinename/mysite

I dont understand what is wrong.
.

Relevant Pages

  • Re: WSS V3 : Configuring AAM for SSL
    ... "Mike Walsh" wrote: ... Internet zone, i get "The IncomingUrl is already present in the collection.") ... I then extended a second WebApp on the first one with port 443, ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: WSS V3 : Configuring AAM for SSL
    ... Internet zone, i get "The IncomingUrl is already present in the collection.") ... sharepoint will read its AAM bindings looking to find this ... I then extended a second WebApp on the first one with port 443, ...
    (microsoft.public.sharepoint.windowsservices)
  • Word of Wisdom: 10/22/2005
    ... nd that viruses join with mal-ware. ... You have to really think about what you are getting from the internet. ... FOR LOCAL INTERNET ZONE: Medium-low. ... Block pop-ups and allow no exceptions. ...
    (microsoft.public.security.virus)
  • Re: Internet explorer in wrong zone
    ... The following Registry key corresponds to Internet zone: ... does 'DisplayName' show 'Internet' in Data column? ... does 'DisplayName' show 'My Computer' in Data column? ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • deploying PWA over the internet through ISA server, reverse proxy
    ... how to implement PWA over the internet through ISA ... server, reverse proxy. ...
    (microsoft.public.project)
Loading