Building SharePoint 2016 development environment – Part 10 – Configuring Central Administration for SSL

A few years ago I wrote “Build You SharePoint 2013 development machine on Windows Server 2012” series, I mainly work in the cloud now, but as the blogs was so popular, I thought I would create a new series for the newer version of SharePoint.

You can access other parts of this post below.

At this point Central Administration is still running on non-secure HTTP. Let’s make central admin accessible from a vanity URL over SSL.

  • Ensure you are on the SharePoint box with a Domain Admin Account. (cfcode2016\Administrator)
  • We have already configured the Certificate Authority earlier on the Domain Controller. Here we are going to request the certificate using Internet Information Services on the SharePoint Server. From the Start Menu, type IIS and open Internet Information Services (IIS) Manager
  • Once IIS opens, click on the Server Name. (CFSP2016) You will be prompted with a dialog asking to get started with Microsoft Web Platform, click do not show this message and then click No.
  • From the IIS section, double click Server Certificates

  • From the right hand side of the screen, click Create Domain Certificate

  • Complete the form for the Domain Certificate as follows (Change to match your environment if not following exactly along)
    • Common Name : *
    • Organisation: CFCode
    • Organizational Unit: Computers
    • City/Locality: London
    • State/Province: London
    • Country/Region: GB

  • Click Next
  • On the Online Certification Authority enter the common name you gave your Authority Name\Server Name. (For example mine is MY-CA\, You can also use the select button if you have configured everything correctly. You can put anything in the friendly name box. Click Finish.

  • You should now see the certificate in the Server certificates window.

  • If there were other servers in your farm, you would need to export the .pfx file so that it can be imported into the other servers.

Set Central Admin to Run on SSL with Vanity URL

  • Log into your domain controller. In Start type DNS and open the DNS Manager.
  • In the left hand pane, expand Forward Lookup Zones and click on
  • Right click on and select New Host (A or AAAA)…
  • Put in the name you wish to call your Central Administration as an Alias. For example CAdmin, put the IP address point to the SharePoint Server. Click Add Host

  • Log back into the SharePoint server as the SP_Setup account. In Start type IIS and open IIS Manager
  • Navigate to SharePoint Central Administration v4 and then on the right hand panel, click Bindings…
  • On the Bindings dialog, click Add…
  • In the Add Site Binding page, select https from the Type dropdown, leave the IP address as All Unassigned, the Port should say 443. Enter the Host name as (or whatever your alias is), tick Require Server Name Indication,
    then select your certificate you created earlier. Click OK
  • From the Start Menu
    open SharePoint 2016 Central Administration, this ensures it runs as Administrator.
  • Click Application Management, then under Web applications,
    click Configure alternative mappings.
  • Take note of the internal URL shown in the default zone for central admin. Click the internal URL for http://cfsp2016:2016 so that you can edit it. Change the URL protocol, host and port to
  • Click OK.
  • Back on the Alternate Access Mapping Screen, click Add Internal URLs and add a new Internal URL for each of the following listed below. Screenshot below

  • Open the SharePoint Management Shell
    run as administrator. Type the following and run. Press A when prompted.

    Set-SPCentralAdministration -SecureSocketsLayer -Port 443

Add Central Administration to your Intranet Zone.

To prevent getting prompted for your login, configure the intranet zone in IE.

  • Open up Internet explorer
  • Click on the cog symbol, and select Intranet Options
  • Select the Security tab, and then click on Local Intranet. Then click on the Sites button.
  • On the Local intranet dialog, click the Advanced button.
  • Add your Central Administration to the Local Intranet Zone. (e.g.,
  • Close Central Administration and then re-open it from the Start Menu SharePoint 2016 Central Administration.
  • Say Yes to any warnings if the site already exists in Trusted sites zone.
  • While here also add * and https://cfsp2016:2016.
  • Tick Require server verification (https:) for all sites in this zone.
  • Then click Close, OK, and OK

Now if you go to Start Menu and open SharePoint 2016 Central Administration, it will open using the URL and the certificate will be valid.

Next step will be getting the bulk of SharePoint working. This will be creating sites, getting services up and running, and ensure you can do SharePoint app development. Recommend shutting down and taking checkpoints again. (Don’t worry when you are happy with your build, you can go back and delete all the checkpoints.)