SharePoint 2010 Central Administration over SSL

Question

How can you change the SharePoint 2010 Central Administration site so that it works over SSL, rather than a random port over http? Other sites on the server may also use SSL, so would use a host header to differentiate between them (e.g. admin.contoso.com for central admin, docs.contoso.com for documents etc).

Edit:
Can't set host headers with https in IIS, even though you can add a https binding without defining an IP address... suggesting that wildcard ip's may work (and the same certificate used on different sites).

Is it just a case of configuring the site in IIS as you would any other secure site, or do you also have to run 'stsadm' to tell SharePoint you have done this as well?

Answer 1

You should be able to just apply the SSL Cert in IIS for the central admin site in the same way as any other site, I reckon.

Answer 2

I don't think you can do host headers with ssl. Each site with it's own cert will need a different IP address.

I could be wrong though if you have a wildcard cert. I've never tried setting that up on IIS before.

Answer 3

1) I prefer to extend the CA site 2)install certificate as ordinary site. Certificate should have DNS/Hostheader information. 3) Bind the hostheader in IIS 4)Verify the AAM

It worked perfectly for me.

Make sure that your User Profile Service has these SSL information also