Securing a SharePoint Site with SSL

Google has announced that they are starting to give more weight in search result for sites protected with SSL. If you are publishing your SharePoint sites over the internet, applying SSL should become a priority now. However, security (encryption over SSL) should be considered important whether SharePoint sites are on the internet or intranet.

Securing a SharePoint site with SSL is no different than securing other websites hosted on IIS. What we need is a valid server certificate. For development or testing environment, it is OK to use self-signed certificate, or certificates generated by local Active Directory Certificate Authority. Otherwise, we have to enroll for a certificate from external certificate authority (CA) such as Comodo SSL and Go Daddy SSL.

Signing Certificate Request with Private Key

When we create a certificate enrollment to external CA, don’t forget to sign it with a private key. We already wrote an article about this here: Signing Certificate Request with Private Key. If we forget to sign our certificate request with a private key, we won’t be able to use the server certificate in IIS for securing a website.

Install Certificate on IIS

When the certificate is ready, there should be two certificate files sent by CA to you. Each CA has different instruction on how to install those files. We enrolled the certificate from Go Daddy, so we followed their KB on how to install certificate to IIS 8 here: Installing an SSL Certificate in Microsoft IIS 8.

Create Alternate Access Mapping for Secured Site

When we are done with installation of server certificate on IIS, we should configure SharePoint to use it. Our SharePoint previously uses port 80, so to be able to use SSL (port 443), we have to create an alternate access mapping from SharePoint Central Administration:

Alternate Access Mapping

Note: don’t forget to add an entry in DNS if you use FQDN for the new alternate access mapping URL.

Redirect HTTP Access to HTTPS

If you plan to allow only HTTPS connection, then you have to redirect all HTTP access to HTTPS. You can do this from IIS Redirection feature:

IIS Redirection

Source: Securing a SharePoint Site with SSL

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s