Back in October I was tasked with installing an Intranet / Extranet for a customer. Installing and configuring SharePoint was all done; the customer, however, required secure communication over the extranet so external users could talk to it securely over HTTPS rather than plain HTTP.
This blog article details how I set up SSL (Secure Sockets Layer) and also describes how SSL works.
Firstly, I extended the Intranet URL to the Extranet Zone. This ensured that the external users could access the same information as Internal Users.
(When you extend a zone, SharePoint automatically creates an Alternate Access Mapping (AAM); this tells SharePoint how to map an incoming request to a URL.)
1. Highlight the web application you wish to extend and select the Extend tab from the ribbon.
2. On the next screen I populated the following fields:
Ensure the extended zone is configured to use SSL.
Once your IIS site is created, you can attach your certificate to the site.
3. To create the certificate, in IIS click ‘Create Certificate Request’.
Populate the Distinguished Name properties (as below) and click Next.
Save the .txt file. The contents of this .txt file are what you submit to a trusted issuer such as VeriSign or GoDaddy to request the certificate.
4. Ensure the certificate is imported onto the Local Machine and placed in the Personal store.
5. Head back into IIS and double-click Server Certificates.
Your certificate will be visible.
7. Your certificate is now attached to your web application.
(Move the certificate into the Trusted Authority store.)
8. Navigate to your extended SharePoint site; assuming your DNS records are set up, it should load without problems and show the green padlock 🙂 (as below).
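Before testing in the browser, the state the steps above leave behind (certificate in the Local Machine Personal store, private key present, chain trusted, HTTPS binding on the extended site) can be checked from PowerShell. This is an added example, not part of the original post; the host name comes from the post, and the IIS site name is a placeholder to replace with your own.

```powershell
# Added example (not from the original post): verify the extranet certificate and binding.
# Assumptions: $HostName is the extranet host used in the post; $SiteName is a
# placeholder for the IIS site that the extended zone created.
$HostName = 'extranet.domain.com'
$SiteName = 'SharePoint - extranet443'   # placeholder, replace with your extended site's name

# Step 4 check: the certificate must be in Cert:\LocalMachine\My (Local Machine, Personal store)
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $HostName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $HostName found in LocalMachine\My" }

# Without the private key IIS cannot complete the handshake (a CSR alone is not enough)
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

# Expiry: warn if the certificate lapses within 30 days
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Certificate expires on $($cert.NotAfter)" }

# Chain check: the browser only shows the green padlock if the chain builds to a trusted root
# and the host name matches. Test-Certificate returns $true/$false and writes an error on failure.
$chainOk = Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName -ErrorAction SilentlyContinue
if (-not $chainOk) { Write-Warning "Chain or name validation failed; check the issuer's intermediate/root certificates" }

# Step 7 check: the extended site has an https binding and port 443 is bound to this certificate
Import-Module WebAdministration
$binding = Get-WebBinding -Name $SiteName -Protocol https
if (-not $binding) { throw "Site '$SiteName' has no https binding" }
$boundThumbprints = (Get-ChildItem -Path IIS:\SslBindings | Where-Object { $_.Port -eq 443 }).Thumbprint
if ($boundThumbprints -notcontains $cert.Thumbprint) {
    Write-Warning "Port 443 is bound to a different certificate than $($cert.Thumbprint)"
}

"OK: $($cert.Subject) ($($cert.Thumbprint)) valid until $($cert.NotAfter)"
```

The name match uses the certificate's DNS names, so a wildcard certificate will need the `Where-Object` filter adjusted to compare the Subject instead.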
Now, having set all that up, what does attaching a certificate to the SharePoint server actually do?
1. Your computer makes a request to access the http://extranet.domain.com site.
2. The server where the certificate is installed for http://extranet.domain.com sends its public key to the requesting computer.
3. Your computer then encrypts the data with the public key (the one sent from the server) and sends the data back to the server.
4. The server then decrypts the data using the private key; only the server holding the private key can decrypt the data.
If anyone intercepts the data in between, it will be gibberish: the private key is the only way the data can be decrypted.