Using SSL Authentication for SharePoint Sites

When using the default HTTP protocol for external SharePoint sites (for example Extranet zone for your clients) – you are taking a huge risk that someone will sniff and retrieve data trasnferred between your SharePoint front-end server and end-user. To prevent a data leak, you should encrypt the data that is being transferred between the front-end and the user. The only proper way to do this is to have an SSL certificate installed. Installing an SSL certificate not only gives you the verification of the site address (when using trusted root certificate sources), but it also encrypts your data so there is very little chance that the packets sniffed will be readable by anyone else than your users and SharePoint itself.

SSL certificates certainly add to the cost of a SharePoint site but you can use your own Certificate Authority or even use self-signed certificate from   IIS Server 7. This will be marked as untrusted in the client browsers, but at least you will have encryption enabled. So let’s try to enable SSL on a test site, with the Self-Signed Certificate .

Open IIS Manager and look for Server Certificates icon in Features View of your IIS Server.

SSL Authentication for SharePoint
IIS Manager v7.5 with Server Certificates icon selected

Double click the Server Certificates icon and select Create Self-Signed Certificate from the Actions menu on the right:

SSL Authentication for SharePoint

Server Certificates Window with highlighted option to Create a self-signed certificate

Now specify a Friendly name of the Certificate. This will be used as an identifier and I strongly suggest you use the actual domain name you will be using. So for the site http://sps2010   it will be sps2010.

SSL Authentication for SharePoint
Self Signed Certificate creation – Friendly Name window

Click on OK button and you are done. You have a SSL certificate that you can now use with a SharePoint site. Now we need to bind this certificate with our application. To do this, expand the Sites tree view in IIS Manager and select the SharePoint website.

SSL Authentication for SharePoint

IIS Manager with my Example app site highlighted

Now click on the Bindings option on the action pane on the right side of the screen.

SSL Authentication for SharePoint
Site Bindings window with default settings for typical SharePoint application

Here you can add the SSL (HTTPS) authentication for this site, so let’s go ahead and click Add button. Next you need to specify the binding type , so select HTTPS and then you will need to specify the certificate, so from the SSL Certificate field choose our newly created self-signed certificate called sps2010 and click OK.

SSL Authentication for SharePoint
Add site binding window
Continues…

Pages: 1 2




Array

Trackbacks/Pingbacks

  1. SharePoint Security – SharePoint Authentication Part 1 | SharePoint Monitor - February 14, 2011

    [...] and only with a secure SSL certificate which encrypt the  sensitive network traffic (see SharePoint SSL Authentication). Sometimes, old software deployed in the enterprise requires using Basic Authentication (such as [...]