This blog post was originally written in December 2014. It was copied here from my old blog site (which is no longer active).
Before reading any further, I strongly recommend you test, test and test this before implementing in a Production Environment as per my Disclaimer
Back in 2014, I was tasked with installing an Intranet / Extranet for a customer. Installing and configuring SharePoint 2013 (on-premise) was all done; the customer, however, required secure communication over the extranet so external users could communicate securely over http.
This blog article will detail how I set up SSL (Secure Sockets Layer) and shall furthermore describe how SSL works.
Extend the Web Application Zone
Firstly, I extended the Intranet URL to the Extranet Zone. This ensured that the external users could access the same information as Internal Users.
(When you extend a zone, SharePoint automatically creates an Alternate Access Mapping (AAM); this tells SharePoint how to map the request to a URL.)
1. Highlight the web application you wish to extend and select the extend tab from the ribbon
2. From the Next screen I then populated the following fields
Ensure the extended zone is on port 443
Ensure the extended zone is configured to run on SSL
Check the URL and the zone is correct
Once you Click OK – SharePoint will create an additional zone for you in IIS (as below)
Create your IIS Certificate
3. To create the Certificate, in IIS click ‘Create Certificate Request’
Populate the Distinguished Name Properties (as below) and Click Next
Save the .txt file. The .txt file should be used to request the certificate from a verified issuer such as VeriSign or GoDaddy.
Install Certificate
3. Once your certificate .cer file is on the web server, right click it and select Install Certificate. (If you have multiple WFE servers, do this step on all of them)
4. Ensure the certificate is imported onto the Local Machine and placed in the Personal Store.
5. Head back into IIS and double click Server Certificates.
Your Certificate will be visible.
Edit SharePoint Bindings
6. Go back to the extended SharePoint Site, Right Click and select Edit Bindings
Select your certificate from the SSL dropdown and Select OK.
7. Your Certificate is now attached to your Web Application.
Move the certificate into the Trusted Authority Store
8. Navigate to your extended SharePoint site and, assuming you have your DNS records set up, it should load without problems and with the green padlock (as below)
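The result of the install and binding steps above can also be checked from PowerShell on each WFE server rather than relying on the padlock alone. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, the WebAdministration module that ships with IIS, and the post's extranet.domain.com host name on port 443.

```powershell
# Added example (not from the original post). Run in an elevated session
# on every WFE server that received the certificate.
$HostName = 'extranet.domain.com'   # host name used in the post
$Port     = 443                     # port chosen when extending the zone

Import-Module WebAdministration

function Test-NameMatch([string]$Pattern, [string]$Name) {
    # Exact match, or a single-label wildcard such as *.domain.com
    if ($Pattern -eq $Name) { return $true }
    if ($Pattern.StartsWith('*.')) {
        $first, $rest = $Name -split '\.', 2
        return [bool]($rest -and (".$rest" -eq $Pattern.Substring(1)))
    }
    return $false
}

# Every SSL binding IIS holds on the chosen port
$bindings = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $Port }
if (-not $bindings) { Write-Warning "No SSL binding found on port $Port"; return }

foreach ($b in $bindings) {
    # The bound certificate must sit in Local Machine \ Personal (My)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $b.Thumbprint }
    if (-not $cert) {
        Write-Warning "Binding on port $Port points at a certificate that is not in LocalMachine\My"
        continue
    }
    # DNS names the certificate covers (subject CN and subject alternative names)
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        # False means only the .cer was imported and IIS cannot complete a handshake
        HasPrivateKey = $cert.HasPrivateKey
        NameMatches   = [bool]($names | Where-Object { Test-NameMatch $_ $HostName })
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
        # Builds the chain to a trusted root using this server's own stores
        ChainTrusted  = $cert.Verify()
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
    }
}
```

ChainTrusted reflects the server's own trust stores only; a browser on an external user's machine makes its own decision, so a check from a client outside the network is still worth doing.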
How Does SSL Work?
Now having set all that up; what does attaching a certificate to the SharePoint server actually do?
1. Your computer makes a request to access the http://extranet.domain.com site
2. The server where the certificate is installed for http://extranet.domain.com issues a Public Key to the requesting computer.
3. Your Computer then encrypts the data with the Public Key (that was sent from the server) and sends data back to the server.
4. The Server then decrypts the data using the Private Key – and only the server with the Private Key can decrypt the data.
If anyone intercepts the data in between, the data will be ‘gibberish’. The Private Key is the only way the data can be decrypted.