Configuring a SharePoint website to allow SSL connections
This is the second in a series of posts on securing mixed SSL sites in SharePoint. This post will cover how to configure a SharePoint forms based web application to allow SSL/HTTPS connections. The process involves setting up an SSL certificate and configuring IIS and SharePoint to allow requests over HTTPS.
The following steps assume that you have a SharePoint web application already set up using forms based authentication. If you need details on how to do this, see the article on TechNet titled “Forms Authentication in SharePoint Products and Technologies”. We will be using IIS 7 in this example, but a similar process can be followed on IIS 6 using the SelfSSL utility. As mentioned in the previous article, this will differ if you are using off-box SSL termination and/or already have a registered SSL certificate.
Architectural overview
The following diagram shows the logical architecture for the setup that will be covered. The default web application is configured at www.company.com and uses forms based authentication with a SQL database to store membership and role information. This web application allows anonymous access and is exposed to the public over the internet. The default web application has been extended onto a second IIS web site at author.company.com that is configured to use Windows authentication. This is a simple configuration that allows internal users to enter content on a separate site that is not available externally. Other configurations are possible (including using content deployment) but aren’t in the scope of this article.
The first step we will cover is shown on the right of the diagram and involves adding an additional binding to the www.company.com web site in IIS and adding an alternate access mapping to the web application in SharePoint.
Associate an SSL certificate with the IIS website
In a production environment you will need to purchase an SSL certificate for the domain that you wish to secure, but in a development environment an easy way to mimic this is to create a self-signed certificate.
Create a new Self Signed Certificate for the existing web application
1. Click on the root node in IIS 7 Manager and select the “Server Certificates” icon in the feature pane on the right.
2. Click the “Create Self-Signed Certificate…” link on the right hand side of the page.
3. Enter a name (I’m using www.company.com in this example) and click OK. You should see your certificate appear in the list of server certificates.
4. Select the IIS site that is running the SharePoint application and click on the “Bindings…” link on the right hand side of the page.
5. To enable SSL click “Add”, select “https” and select the SSL certificate we created earlier.
6. Click OK. At this point we have configured IIS to allow connections to this site over SSL but we need to let SharePoint know to map these requests to the correct web application.
Configure SharePoint to accept requests over HTTPS
7. Navigate to Central Administration > Operations, select “Alternate Access Mappings” and click “Edit Public URLs”.
8. Select the Alternate Access Mapping Collection for the FBA web application and enter the relevant HTTPS address (for example, my FBA site is located at http://www.company.com, so I would enter https://www.company.com). It is up to you which zone you put the URL in, as this doesn’t affect anything; the zone is just there to help you remember what each URL is used for.
9. That’s it! You should now be able to browse to your site using SSL. If you are using a self-signed certificate, you will first be presented with a certificate warning, so click on the “Continue to this website (not recommended)” link and your site will be displayed.
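The IIS binding and Alternate Access Mapping steps above can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes SharePoint 2007 (the 12 hive), the IIS 7 WebAdministration module, and hypothetical values for the IIS site name and the zone.

```powershell
# Added example: scripted form of steps 4-8 for SharePoint 2007 on IIS 7.
# Run from an elevated PowerShell prompt on the web front end.
Import-Module WebAdministration

# Assumed values (not from the original post); change them for your farm.
$siteName     = 'SharePoint - www.company.com80'  # hypothetical IIS site name
$friendlyName = 'www.company.com'                  # name entered in step 3
$hostName     = 'www.company.com'
$zone         = 'Internet'                         # assumed to be an empty zone
$stsadm = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\Web Server Extensions\12\BIN\stsadm.exe'

# Steps 1-3 created the certificate; find it by the friendly name given there.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate named '$friendlyName' in LocalMachine\My" }

# Steps 4-6: add the https binding on port 443, then attach the certificate.
# An existing 0.0.0.0:443 certificate binding is left untouched.
if (-not (Get-WebBinding -Name $siteName -Protocol https)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}
if (-not (Test-Path 'IIS:\SslBindings\0.0.0.0!443')) {
    $cert | New-Item 'IIS:\SslBindings\0.0.0.0!443' | Out-Null
}

# Steps 7-8: add the HTTPS public URL to the web application's mappings.
& $stsadm -o addzoneurl -url "http://$hostName" -urlzone $zone `
    -zonemappedurl "https://$hostName"
if ($LASTEXITCODE -ne 0) { throw "stsadm addzoneurl failed ($LASTEXITCODE)" }

# Report what a browser will see on the new binding.
$cn = $cert.GetNameInfo('SimpleName', $false)
New-Object PSObject -Property @{
    Subject     = $cert.Subject
    SelfSigned  = ($cert.Subject -eq $cert.Issuer)
    Expires     = $cert.NotAfter
    NameMatches = ($cn -eq $hostName)
}
```

A self-signed certificate created in IIS 7 Manager is typically issued to the server's machine name rather than the name typed in step 3, so NameMatches = False is expected on a development box and should never be seen on a production certificate.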
Now we can browse to our site over both HTTP and HTTPS, but we will need to do some more work to ensure that the right protocol is used for each page. We need to ensure that pages displaying or sending sensitive information like passwords and/or address details are delivered over HTTPS, but pages such as the homepage are delivered via HTTP to avoid the additional processing involved in encrypting and decrypting these non-sensitive pages.
Additional Resources:
- MSDN covers the process of setting up a forms authenticated site in their article “Forms Authentication in SharePoint Products and Technologies (Part 1): Introduction”
- The SharePoint Team blog covers Alternate Access Mappings in more detail in their article “What every SharePoint administrator needs to know about Alternate Access Mappings (Part 1 of 3)”
- Scott Guthrie has a more detailed explanation of how to enable self signed certificates using IIS 7.0
Great job! Very detailed and clear instructions.
ML
16 Jun 10 at 8:37 pm
Do we really need to add a 3rd AAM if we’re doing SSL offloading?
Ken
18 Aug 11 at 9:00 pm
@Ken this post doesn’t cover SSL offloading – if you are using a separate server to perform the SSL encryption/decryption then the following article from the SharePoint team is worth a read – What every SharePoint administrator needs to know about AAM.
Ari Bakker
21 Aug 11 at 8:18 pm
First of all: thank you, Ari, for this series!
It’s a great help for a newbie in securing SharePoint sites!
As I’m trying out your “walkthrough”, I had to find out that the way to reach the “Alternate Access Mappings” has changed (probably with SP1??).
I had to go over there in this way:
SP-CA -> SystemSettings -> FarmManagement -> configure alternate access mappings.
Maybe you would change this in your article??
Greetz,
Gaylord
Gaylord Josupeit
6 Jan 12 at 9:18 am
@Gaylord – thanks for the tip, this was written for SharePoint 2007 and it sounds like you are using SharePoint 2010 so the steps will be slightly different but should still work.
Ari Bakker
7 Jan 12 at 2:01 pm
Hi, thanks for writing this!
In SharePoint 2010 Central Administration:
Application Management on the LEFT side to bring up Web Applications category with Configure Alternate Access Mappings option.
Hope this helps someone.
gare
2 Nov 12 at 4:22 pm
Thanks!
@Gary
15 Aug 13 at 2:59 pm
Thanks for this step by step walk-through!
To Configure SSL Certificates in SharePoint 2010 for HTTPS Access – Step by Step, this article could help: http://salaudeen.blogspot.com/2012/03/configuring-ssl-certificates-in-sharepoint-2010.html
SPAdam
15 Aug 13 at 3:20 pm