Sharepoint 2010/TMG SSL

[craigg]

I'm not sure if this is the right place to put this post but wasn't too sure where else I could post.

We currently have a sharepoint 2010 farm running internally which is then accessed externally via our TMG server.

I have got SSL working on the web listener for our main sharepoint domain sharepoint.cadcol.ac.uk but my issue is getting our My Site setup to use the same certificate.

I have been informed by our certificate service that they don't support wildcards unless it is on a subdomain, which we don't want.. so that leaves me with SAN certificates.

Has anyone done it this way? Or know of any information that would help?


Thanks in advance

[apearce]

is your SharePoint 2010 Mysites in the same web app?

[deano]

Internally, what address are your users connecting to access MySite?

[craigg]

Hi guys,

sorry its taken a while to get back.

Apearce:

I believe I have created a seperate webapp for my site with the AAM of my.cadcol.ac.uk

Deano

I am trying to keep our internal and external URLS the same so internally staff would use sharepoint.cadcol.ac.uk & my.cadcol.ac.uk

Hope that answers your questions!

Thanks for replying

[apearce]

Hi guys,

Apearce:

I believe I have created a seperate webapp for my site with the AAM of my.cadcol.ac.uk
Thanks for replying

You should have a seperate certificate in the listener for my.cadcol.ac.uk.

You can't do it all on the same certificate.

[craigg]

OK, that makes sense.

I have got the two urls running on the same listener. The only issue is - doesnt tmg moan if you try and create a new listener with the same port and IP address?

[apearce]

you want one listener with 2 rules.

The listener does the authentication but needs to know the URL, IP and if you are running https it also needs to the certificate.

You then point the rules one for sharepoint home and one for my at the same listener so you also get single sign on.

[craigg]

I ment to say rules before not urls ha.

So to clarify - I have two rules - 1: sharepoint 2: my both assigned to one listener.

I've got the sso set in the listener - but am unsure where i add the second certificate for "my". Or does that just sit on the server?

Sorry if im getting lost here.

[apearce]

this is off the top of my head - I can't remember but i think its the listener - if its not - its the rule.

My heart is telling the listener

[craigg]

You do assign the certificate in the listener.. the only issue is that it only gives you the option to assign a single cert for the web listener or one for each ip address. It doesn't give the option to add a second certificate.

I just forwarded your url to our web dev. He said he met you the other week at walsall. Small world.

[apearce]

You do assign the certificate in the listener.. the only issue is that it only gives you the option to assign a single cert for the web listener or one for each ip address. It doesn't give the option to add a second certificate.

I just forwarded your url to our web dev. He said he met you the other week at walsall. Small world.

I need to be infront of a box to see it - I'll start install a TMG box later today.

[craigg]

Issue solved!

I created a SAN certificate using the custom request option from within the Certificates MMC. So now i can use a single cert for both sites.

Thanks for all your help!