SharePoint & SSL

Back in October I was tasked with installing an Intranet / Extranet for a customer. Installing and configuring SharePoint was all done; however, the customer required secure communication over the extranet so that external users could communicate securely over HTTPS.
This blog article details how I set up SSL (Secure Sockets Layer) and then describes how SSL works.

Firstly, I extended the Intranet URL to the Extranet zone. This ensured that external users could access the same information as internal users.
(When you extend a zone, SharePoint automatically creates an Alternate Access Mapping (AAM), which tells SharePoint how to map the request to a URL.)

1. Highlight the web application you wish to extend and select the Extend tab from the ribbon.

1.ExtendTab

2. On the next screen I populated the following fields:

Ensure the extended zone is on port 443
2.ExtendedURL

Ensure the extended zone is configured to use SSL

3.UseSSL

Check that the URL and the zone are correct
4.PublicURLandZone

Once you click OK, SharePoint will create an additional zone for you in IIS (as below)
5.IIS

Once your IIS site is created, you can attach your certificate to the site.

3. To create the certificate, click ‘Create Certificate Request’ in IIS

15.NewCertificate

Populate the Distinguished Name Properties (as below) and click Next

16.DistinguidedName

Save the .txt file. This file contains the certificate request and should be used to request the certificate from a verified issuer such as VeriSign or GoDaddy.

3. Once your certificate .cer file is on the web server, right-click it and select Install Certificate. (If you have multiple WFE servers, do this step on all of them.)
6.InstallCertificate

4. Ensure the certificate is imported onto the Local Machine and placed in the Personal Store.

7.SelectLocalMachine
8.PersonalStore

5. Head back into IIS and double click Server Certificates.

13.IISServerCertificate

Your Certificate will be visible.

6. Go back to the extended SharePoint site, right-click it and select Edit Bindings
9.EditBindings

Select Edit
10.EditBindings2

Select your certificate from the SSL dropdown and select OK.
11.SelectCertificate

7. Your Certificate is now attached to your Web Application.

(Move the Certificate into the Trusted Authority Store)

8. Navigate to your extended SharePoint site and, assuming you have your DNS records set up, it should load without problems, with the green padlock 🙂 (as below)

https
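
To confirm the certificate and binding steps above on each web front end, the following added example (not part of the original post) checks that the HTTPS binding on port 443 points at a certificate in the Local Machine store that holds its private key, is within its validity dates, matches the host name and chains to a trusted root. The site name `SharePoint - Extranet443` is hypothetical, and the script assumes the WebAdministration module and the certificate provider's `DnsNameList` property are available.

```powershell
# Added example: verify the certificate and HTTPS binding on one web front end.
# Assumed values (not from the article): change both to match your farm.
$HostName = 'extranet.domain.com'        # public URL host of the extended zone
$SiteName = 'SharePoint - Extranet443'   # hypothetical IIS site name

Import-Module WebAdministration

# 1. Find the https binding on port 443 for the extended site.
$binding = Get-WebBinding -Name $SiteName -Protocol 'https' |
    Where-Object { $_.bindingInformation -like '*:443:*' } |
    Select-Object -First 1
if (-not $binding) { throw "No https binding on port 443 for site '$SiteName'." }

# 2. Look up the bound certificate by thumbprint in the Local Machine store.
$thumb = $binding.certificateHash
$store = $binding.certificateStoreName   # 'My' is the Personal store
if (-not $thumb) { throw "The https binding has no certificate selected." }
$cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Certificate $thumb not found in LocalMachine\$store." }

# 3. Build the chain to see whether this server trusts the issuer.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

# 4. Collect the DNS names on the certificate. A wildcard name such as
#    *.domain.com is used as a -like pattern; this is looser than a browser,
#    which lets the wildcard cover only a single label.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$now   = Get-Date

# 5. Report the properties that decide whether the padlock appears.
[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    HasPrivateKey = $cert.HasPrivateKey
    ValidNow      = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
    DaysRemaining = [int]($cert.NotAfter - $now).TotalDays
    NameMatches   = [bool]($names | Where-Object { $HostName -like $_ })
    ChainTrusted  = $chainOk
}
```

A `HasPrivateKey` value of `False` means this server does not hold the private key that matches the certificate, so IIS cannot use it for the binding.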

Now, having set all that up, what does attaching a certificate to the SharePoint server actually do?

1. Your computer makes a request to access the http://extranet.domain.com site.

2. The server where the certificate is installed for http://extranet.domain.com issues a Public Key to the requesting computer.

3. Your computer then encrypts the data with the Public Key (that was sent from the server) and sends the data back to the server.

4. The server then decrypts the data using the Private Key, and only the server with the Private Key can decrypt the data.
If anyone intercepts the data in between, the data will be ‘gibberish’. The Private Key is the only way the data can be decrypted.