This blog post was originally written in December 2014. It was copied here from my old blog site, which is no longer active.

Before reading any further, I strongly recommend you test, test and test this before implementing in a Production Environment as per my Disclaimer

Back in 2014, I was tasked with installing an Intranet / Extranet for a customer. Installing and configuring SharePoint 2013 (on-premise) was all done; however, the customer required secure communication over the extranet so that external users could communicate securely over HTTPS.
This blog article details how I set up SSL (Secure Sockets Layer) and then describes how SSL works.

Extend the Web Application Zone

Firstly, I extended the Intranet URL to the Extranet Zone. This ensured that the external users could access the same information as Internal Users.
(When you extend a zone, SharePoint automatically creates an Alternate Access Mapping (AAM). This tells SharePoint how to map the request to a URL.)

1. Highlight the web application you wish to extend and select the Extend tab from the ribbon.

Extend Web Application

2. On the next screen I populated the following fields:

Ensure the extended zone's port is 443

Extended Web App Name

Ensure the extended zone is configured to use SSL

Check the URL and the zone is correct

Extended Zone on SSL

Once you click OK, SharePoint will create an additional zone for you in IIS (as below)

Extended Zone in IIS

Create your IIS Certificate

3. To create the Certificate, in IIS click ‘Create Certificate Request’

Create Certificate

Populate the Distinguished Name Properties (as below) and Click Next

Distinguished Name

Save the .txt file. The .txt file contains the certificate request and should be used to request the certificate from a verified issuer such as VeriSign or GoDaddy.

Install Certificate

3. Once your certificate .cer file is on the web server, right-click it and select Install Certificate. (If you have multiple WFE servers, do this step on all of them.)

Install Certificate

4. Ensure the certificate is imported onto the Local Machine and placed in the Personal Store.

Install Certificate
Place in Personal Store

5. Head back into IIS and double-click Server Certificates.

IIS – Server certificates

Your Certificate will be visible.

Edit SharePoint Bindings

6. Go back to the extended SharePoint site, right-click it and select Edit Bindings

Edit Bindings

Select Edit

Edit Zone

Select your certificate from the SSL dropdown and select OK.

Select Certificate

7. Your Certificate is now attached to your Web Application.
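
To confirm the install and binding steps above on each WFE, the following PowerShell check lists the matching certificates in the Local Machine Personal store, whether each has a private key and is in date, and which IIS SSL binding uses it. This is an added example, not part of the original post; `extranet.example.com` is a placeholder host name.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on each WFE. $HostName is a placeholder: use your extranet host name.
param([string]$HostName = 'extranet.example.com')

Import-Module WebAdministration   # provides the IIS:\ drive

# Certificates in Local Machine \ Personal ("My") whose subject names the host.
# Note: this matches on the subject CN only, not Subject Alternative Names.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$HostName*" })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate for $HostName found in LocalMachine\My."
    return
}

# All SSL bindings known to IIS (IP:port mapped to a certificate thumbprint).
$sslBindings = @(Get-ChildItem IIS:\SslBindings)
$now = Get-Date

foreach ($cert in $certs) {
    # Bindings that present this certificate, e.g. "0.0.0.0:443".
    $boundTo = $sslBindings |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        ForEach-Object { "$($_.IPAddress):$($_.Port)" }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # A .cer file holds only the public certificate. The private key lives
        # on the server that created the request; IIS cannot serve without it.
        HasPrivateKey = $cert.HasPrivateKey
        InDate        = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        Expires       = $cert.NotAfter
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
        ChainValid    = $cert.Verify()   # basic chain validation
        BoundTo       = ($boundTo -join ', ')
    }
}
```

A row with `HasPrivateKey` false or an empty `BoundTo` means the install or binding step did not take effect on that server.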

Move the certificate into the Trusted Authority Store

8. Navigate to your Extended SharePoint site. Assuming you have your DNS records set up, it should load without problems and show the green padlock (as below)

SSL – Security Padlock

How Does SSL Work?

Now, having set all that up, what does attaching a certificate to the SharePoint server actually do?

1. Your computer makes a request to access the site

2. The server where the certificate is installed issues a Public Key to the requesting computer.

3. Your computer then encrypts the data with the Public Key (that was sent from the server) and sends the data back to the server.

4. The server then decrypts the data using the Private Key, and only the server with the Private Key can decrypt the data.

If anyone intercepts the data in between, the data will be ‘gibberish’. The Private Key is the only way the data can be decrypted.