Enable Administration Service over HTTPS (FAST Search Server 2010 for SharePoint)

Applies to: FAST Search Server 2010

The Administration Service administers and configures FAST Search Server 2010 for SharePoint. Clients of the Administration Service include the following:

• Administrators on Microsoft SharePoint Server

• Internal FAST Search Server 2010 for SharePoint components which retrieve configuration information

By default, this traffic is using HTTP. You can help secure the traffic by using HTTPS through these configuration steps:

1. Create Certificates:

   The default self-signed certificate which is generated during installation cannot be used if you want to enable Administration Service over HTTPS. Follow the steps in Replace the self-signed certificate with a certificate signed by a certification authority to replace the general purpose self-signed certificate with certificates which fulfill the requirements listed in Certificates signed by a certification authority (CA).

2. Enable a trust relationship in Microsoft SharePoint Server for the certificate(s) you created in the previous step:

   Do this by importing the public certificate from the signing authority of the certificate(s) into Microsoft SharePoint Server.

   On Microsoft SharePoint Server, follow these steps:

   1. On the Start menu, click All Programs.

   2. Click Microsoft SharePoint 2010 Products.

   3. Right-click SharePoint 2010 Management Shell, and select Run as administrator.

   4. At the Windows PowerShell command prompt, type the following command(s):

      $trustCert = Get-PfxCertificate '<SSL_CA_Public_Cert>.cert'
      New-SPTrustedRootAuthority "FASTSearchHostAdminCert" -Certificate $trustCert
      

      Where:

      • <SSL_CA_Public_Cert> is the name of the certificate of the signing authority of the certificate(s).

3. Configure Microsoft SharePoint Server to use HTTPS for Administration Services:

   Change the Administration Service Location configuration setting for the Query Search Service Application (Query SSA) to use the HTTPS endpoint. The HTTPS endpoint is listed in the install_info.txt file. Refer to Create and set up the Query Search Service Application (FAST Search Server 2010 for SharePoint).

4. Configure FAST Search Server 2010 for SharePoint to use HTTPS for Administration Services:

   To enable the FAST Search services to use HTTPS for the Administration Services, a reconfiguration is required. Edit the deployment.xml file and set the attribute useadminservicehttps to true on each host element. Follow the steps in Reconfigure the farm deployment (FAST Search Server 2010 for SharePoint) to complete the reconfiguration. Refer to deployment.xml reference for detailed information.