Can I use Alternate Access Mappings for this?

TechiePlaya 21 Reputation points
2021-02-01T18:55:35.947+00:00

My SSL certificates for my SharePoint sites are expiring. It's a gov org that issues these. They are refusing to issue new ones. So my boss and I plan on using self signed certs. Importing the self signed certs on the client side into the "stores" has made no difference.

The problem with the self signed certs is that they use the host name rather than a friendly URL. I had no luck with SAN self signed certs, instructions didn't match the options that I saw and they seem really step intensive to do.

The problem with going to a host name based cert, if the users hit the normal friendly URL, it throws a warning error. So we'd have to change their home page to the host name URL. Of course the problem with that is the links, InfoPath forms, all of that will direct to the old friendly URL that will now be expired. So we either update all of those or use AAM so that when people try to go to the old friendly URL that now has expired SSL certs, it redirects them to the host name with the self signed SSL cert.

Can I use Alternate Access Mappings to get around this? If so how?

SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,834 questions
0 comments No comments
{count} votes

Accepted answer
  1. Trevor Seward 11,691 Reputation points
    2021-02-01T20:25:19.797+00:00

    If you're using Self-Signed Certs, there's no reason you cannot generate one for an FQDN. The example for New-SelfSignedCertificate shows how to do this:

    https://learn.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps#examples

    Using an AAM has other complicated factors, such as if a URL was hardcoded with the FQDN, the content would not render, or SharePoint Alerts will use the default AAM they were set up on, etc.

    The solution here is to fix the existing certificate by replacing it (self signed or otherwise) with the same FQDN.


0 additional answers

Sort by: Most helpful