Hi @Greg Booth ,
The steps to secure Central Administration are as follows:
- Set SharePoint Central Administration site to use SSL Port 443
- Assign SSL certificate binding to the Central Admin Web application through IIS.
- Verify the Alternate Access Mappings to accommodate the port change.
See detailed tutorial in this article: How to Secure SharePoint 2016 Central Administration Site from HTTP to HTTPS using SSL Certificate?
Is there anything else to be done if we already have another SharePoint web application using https on port 443?
Any Web App you create must be differentiated from other Web Apps in one of 3 ways. It can use a custom IP address, a custom port number or a host header. In your example you are already using the same port number and I assume you aren't using different IP addresses since that requires a fair amount of behind the scenes work. So that would leave creating the two web apps with different host headers. The problem with this approach is that Apps in SharePoint require at least one web app in the farm with NO host header. So if one web application using port 443 was created using no host header then the another one must be created using a host header. Any additional Web apps using 443 will also need to be created with host headers. You can specify the host header for the web app when creating the web app. Everything else is normal.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.