SharePoint Config

Ari Bakker's thoughts on customising and configuring SharePoint

Configuring a SharePoint website to allow SSL connections

with 10 comments

This is the second in a series of posts on securing mixed SSL sites in SharePoint. This post will cover how to configure a SharePoint forms based web application to allow SSL/HTTPS connections. The process involves setting up an SSL certificate and configuring IIS and SharePoint to allow requests over HTTPS.

The following steps assume that you have a SharePoint web application already set up using forms based authentication. If you need details on how to do this see the article on Technet titled “Forms Authentication in SharePoint Products and Technologies”. We will be using IIS 7 in this example but a similar process can be followed using IIS 6 using the SelfSSL utility. As mentioned in the previous article this will differ if you are using off-box SSL termination and/or already have a registered SSL certificate.

Architectural overview

The following diagram shows the logical architecture for the setup that will be covered. The default web application is configured at www.company.com and uses forms based authentication with a SQL database to store membership and role information. This web application allows anonymous access and is exposed to the public over the internet. The default web application has been extended onto a second IIS web site at author.company.com that is configured to use Windows authentication. This is a simple configuration that allows internal users to enter content on a separate site that is not available externally. Other configurations are possible (including using content deployment) but aren’t in the scope of this article.

sharepoint-fba-ssl-architecture

The first step we will cover is shown on the right of the diagram and involves adding an additional binding to the www.company.com web site in IIS and adding an alternate access mapping to the web application in SharePoint.

Associate an SSL certificate with the IIS website

On a production environment you will obviously need to purchase a SSL certificate for the domain that you wish to secure but on a development environment an easy way to mimic this is to create a self signed certificate.

Create a new Self Signed Certificate for the existing web application

1. Click on the root node in IIS 7 Manager and select the “Server Certificates” icon in the feature pane on the right:

clip_image002

2. Click the “Create Self-Signed Certificate…” link on the right hand side of the page

clip_image004

3. Enter a name (I’m using www.company.com in this example) and click OK. You should see your certificate appear in the list of server certificates.

clip_image006

4. Select the IIS site that is running the SharePoint application and click on the “Bindings…” link on the right hand side of the page

5. To enable SSL click “Add”, select “https” and select the SSL certificate we created earlier:
clip_image007

6. Click OK. At this point we have configured IIS to allow connections to this site over SSL but we need to let SharePoint know to map these requests to the correct web application.

Configure SharePoint to accept requests over HTTPS

7. Navigate to Central Administration > Operations, select “Alternate Access Mappings” and click “Edit Public URL’s”
clip_image009

8. Select the Alternate Access Mapping Collection for the FBA web application and enter the relevant HTTPS address (e.g. My FBA site is located at http://www.company.com as an example so I would enter https://www.company.com). It is up to you which Zone you put the URL in as this doesn’t affect anything and is just there to help you remember what they are each used for.
clip_image011

9. That’s it! You should now be able to browse to your site using SSL. If you are using a self signed certificate you will first be presented with a certificate warning so click on the “Continue to this website (not recommended)” link and your site will be displayed.
clip_image013clip_image015

Now we can browse to our site over HTTP and HTTPS but will need to do some more work to ensure that the right protocol is used for each page. We need to ensure that pages displaying or sending sensitive information like passwords and/or address details are delivered over HTTPS, but pages such as the homepage are delivered via HTTP to avoid the additional processing encrypting and decrypting these non-sensitive pages.

Additional Resources:

Post to Twitter Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

Written by Ari Bakker

March 16th, 2010 at 12:26 pm

10 Responses to 'Configuring a SharePoint website to allow SSL connections'

Subscribe to comments with RSS or TrackBack to 'Configuring a SharePoint website to allow SSL connections'.

  1. [...] Configuring a SharePoint website to allow SSL connections [...]

  2. [...] Configuring a SharePoint web application to allow SSL connections. [...]

  3. Great job! Very detailed and clear instructions.

    ML

    16 Jun 10 at 8:37 pm

  4. Do we really need to add a 3rd AAM if we’re doing SSL offloading?

    Ken

    18 Aug 11 at 9:00 pm

  5. @Ken this post doesn’t cover SSL offloading – if you are using a separate server to perform the SSL encryption/decryption then the following article from the SharePoint team is worth a read – What every SharePoint administrator needs to know about AAM.

    Ari Bakker

    21 Aug 11 at 8:18 pm

  6. First of all: thank you, ari, for this series!
    it’s a great help for a newbie in securing sharepoint-sites!
    as i’m trying out your “walkthrough”, i had to find out, that the way to reach the “Alternate Access Mappings” has changed (probably with SP1??).
    I had to go over there in this way:
    SP-CA -> SystemSettings -> FarmManagement -> configure alternate access mappings.

    Maybe you would change this in your article??

    Greetz,
    Gaylord

    Gaylord Josupeit

    6 Jan 12 at 9:18 am

  7. @Gaylord – thanks for the tip, this was written for SharePoint 2007 and it sounds like you are using SharePoint 2010 so the steps will be slightly different but should still work.

    Ari Bakker

    7 Jan 12 at 2:01 pm

  8. Hi Thanks for writing this!

    In SharePoint 2010 Central Administration:

    Application Management on the LEFT site to bring up Web Applications category with Configure Alternate Access Mappings option.

    Hope this helps someone.

    gare

    2 Nov 12 at 4:22 pm

  9. Thanks!

    @Gary

    15 Aug 13 at 2:59 pm

  10. Thanks for this step by step walk-through!

    To Configure SSL Certificates in SharePoint 2010 for HTTPS Access – Step by Step, this article could help: http://salaudeen.blogspot.com/2012/03/configuring-ssl-certificates-in-sharepoint-2010.html

    SPAdam

    15 Aug 13 at 3:20 pm

Leave a Reply

*