Environment is SP 2013 on-premises with March PU and October CU applied. I have two web applications using host headers, both on port 443, both using the same SAN SSL cert:
- sharepoint.contoso.com
- mysite.contoso.com
The server is an Azure virtual machine, so I'm limited to using a single IP address. The VM's FQDN name is sharepoint.contoso.com.
I followed the instructions here:
Configure an environment for apps for SharePoint (SharePoint 2013)
and here:
Enable apps in AAM or host-header environments for SharePoint 2013
I ran this command:
New-SPWebApplicationAppDomain -AppDomain contosoapps.com -WebApplication https://sharepoint.contoso.com -Zone Default -Port 10000 -SecureSocketsLayer
This created a binding on the sharepoint.contoso.com IIS web application on port 10000, using the wildcard SSL cert for contosoapps.com.
When I run the app, I end up getting a certificate warning, and when I continue through, a 404. In Fiddler, I can see that the first request is to /dev/_layouts/15/appredirect.aspx, with a 302 result. The next request is a tunnel to apps-5b3bd8632cbd8d.contosoapps.com:443. This is where I get the certificate warning, because it's attempting to make a tunnel using the SAN certificate for contoso.com. When I continue through, I get the 404 for apps-5b3bd8632cbd8d.contosoapps.com/dev/BasicSharePointHostedApp/Pages/Default.aspx?SPHostUrl=https%3A%2F%2Fsharepoint%2Econtoso%2Ecom%2Fdev&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4481%2E1005&SPAppWebUrl=https%3A%2F%2Fapps%2D5b3bd8632cbd8d%2Econtosoapps%2Ecom%2Fdev%2FBasicSharePointHostedApp.
What I don't understand is this: I configured the AppDomain for port 10000. Why are requests being made on port 443?
I believe I could get around this by creating an empty SharePoint web application on port 443 without a host header. But I'm trying to avoid that, because I then have to use SNI since I have a single IP limit, which I don't want to do for other reasons. I should be able to get this all to work on a single IP without SNI, no?
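
One way to check the redirect seen in Fiddler against the configuration, as an added example that is not part of the original post: it parses the captured URL, compares the port each embedded URL targets with the app domain port 10000, and reports which certificate's names cover each host. The certificate name lists are assumptions (including `*.contosoapps.com` for the wildcard cert), and the function names are hypothetical.

```powershell
# Constructed input, copied from the post (query string trimmed to the two URL parameters).
$redirectUrl = 'https://apps-5b3bd8632cbd8d.contosoapps.com/dev/BasicSharePointHostedApp/Pages/Default.aspx' +
    '?SPHostUrl=https%3A%2F%2Fsharepoint%2Econtoso%2Ecom%2Fdev' +
    '&SPAppWebUrl=https%3A%2F%2Fapps%2D5b3bd8632cbd8d%2Econtosoapps%2Ecom%2Fdev%2FBasicSharePointHostedApp'
$appDomainPort = 10000   # value passed to New-SPWebApplicationAppDomain -Port
# Names each certificate covers. '*.contosoapps.com' is an assumption about the wildcard cert.
$certNames = [ordered]@{
    'SAN cert (contoso.com)'          = @('sharepoint.contoso.com', 'mysite.contoso.com')
    'Wildcard cert (contosoapps.com)' = @('*.contosoapps.com')
}

function Test-CertNameMatch {
    param([string]$HostName, [string]$Pattern)
    if ($Pattern.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most DNS label.
        $suffix = $Pattern.Substring(1)
        if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
        return (($label.Length -gt 0) -and (-not $label.Contains('.')))
    }
    return $HostName.Equals($Pattern, [StringComparison]::OrdinalIgnoreCase)
}

function Get-EndpointReport {
    param([string]$Label, [string]$Url)
    $uri = [System.Uri]$Url   # .Port falls back to 443 for https when the URL names no port
    $covering = foreach ($cert in $certNames.GetEnumerator()) {
        foreach ($name in $cert.Value) {
            if (Test-CertNameMatch -HostName $uri.Host -Pattern $name) { $cert.Key; break }
        }
    }
    [pscustomobject]@{
        Source          = $Label
        Host            = $uri.Host
        Port            = $uri.Port
        OnAppDomainPort = ($uri.Port -eq $appDomainPort)
        CoveredBy       = ($covering -join ', ')
    }
}

# Decode the query string so the URLs embedded in the redirect can be checked as well.
$query = @{}
foreach ($pair in ($redirectUrl.Substring($redirectUrl.IndexOf('?') + 1) -split '&')) {
    $key, $value = $pair -split '=', 2
    $query[$key] = [System.Uri]::UnescapeDataString($value)
}

Get-EndpointReport -Label 'Redirect target' -Url $redirectUrl
Get-EndpointReport -Label 'SPAppWebUrl'     -Url $query['SPAppWebUrl']
Get-EndpointReport -Label 'SPHostUrl'       -Url $query['SPHostUrl']
```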