Microsoft Sharepoint 2013 Authentication (part 3) - Configuring a Claims Web Application - Configuring SSL for SharePoint

12/23/2014 8:06:53 PM

Configuring SSL for SharePoint

When dealing with any kind of web-based security, we rely on the industry-standard Secure Sockets Layer (SSL), which operates using X.509 public/private key certificates.

SharePoint 2013 supports use of SSL, and it is a requirement when integrating federated authentication. To establish a certificate for SSL, the process typically goes something like this:

  1. An administrator exports a Certificate Signing Request (CSR) from IIS for a given application and domain name.
  2. The administrator sends the CSR to a trusted authority, such as VeriSign.
  3. The trusted authority validates the authenticity of the purchaser via a series of security protocols.
  4. With trust established, the trusted authority generates a new SSL certificate for the purchaser’s domain name and signs it as trusted.
  5. The administrator installs the certificate in IIS.
  6. Users who request secure pages from the organization’s application can trust returned data because the encryption certificate is trusted from a well-known source—VeriSign or other root certificate provider.

Note  For more information on purchasing an SSL certificate, visit http://verisign.com.

For development and demonstration purposes, purchasing an SSL certificate might seem like overkill. Fortunately, we can generate self-signed certificates via IIS. These self-signed certificates are untrusted, because a trusted authority has not signed them, but they provide a suitable free alternative for demonstration and development. The following steps detail how to create a self-signed certificate for SharePoint 2013 via IIS:

  1. Open Internet Information Services (IIS) Manager 7.
  2. Click the server name in the left navigation tree and then double-click the Server Certificates icon on the right, under the IIS section (Figure 4).

    Figure 4. Server certificates in IIS

  3. Click the link to create a self-signed certificate.
  4. Give the certificate a friendly name, and then click the OK button.
  5. Double-click the self-signed certificate to see the details.
  6. Click the Details tab and then click the button to copy the certificate to a file.
  7. Click the Next button.
  8. Select the option to not export the private key, then click the Next button.
  9. Choose the export format (I chose the default DER format) and then click the Next button.
  10. Give the certificate a file name and browse to a location on disk.
  11. Click the Next button, then the Finish button, to export the certificate to the file.
  12. Open the Microsoft Management Console (MMC.exe).
  13. Add the Certificates snap-in, selecting the computer account and the local machine.
  14. Import the certificate into the Trusted Root Certification Authorities node.
  15. Import the certificate into the SharePoint node.

    In the preceding steps, we created a new certificate and allowed the local server to trust it by adding it to the Trusted Root Certification Authorities store. This avoids annoying messages in Internet Explorer about untrusted certificates. Even though the server now trusts the certificate, we also have to tell SharePoint that it may trust the certificate, via the steps that follow:

     Note  Never use self-signed certificates in production or non-development environments.

  16. Open Central Administration.
  17. Click the Security header.
  18. Click the link to manage trust.
  19. Click the new icon from the ribbon.
  20. Provide a friendly name and browse for the certificate (CER) file in the dialog shown in Figure 5.
  21. Click OK.

    Figure 5. New certificate in Manage Trust

    Now, we need to associate our new self-signed certificate with our web application in IIS, as follows:

  22. Return to IIS Management.
  23. Click the SharePoint application in the left navigation, under Sites.
  24. Click the Bindings link (on the far right).
  25. Click the Add button.
  26. Choose HTTPS, and select the certificate to use (Figure 6).
  27. Click OK to complete the binding configuration.

    Figure 6. Add an HTTPS binding

    Lastly, with the new SSL domain binding in place, we must create a new Alternate Access Mapping for the application so SharePoint understands requests coming in on the new SSL URL:

  28. Open Central Administration.
  29. Click the Application Management heading.
  30. Click the link to configure alternate access mappings.
  31. Click the button to edit public URLs.
  32. Change the Alternate Access Mapping Collection for the correct web application.
  33. Choose an empty zone and add the HTTPS URL (this should be the full domain name that is listed for the self-signed certificate in IIS)—see Figure 7.

    Figure 7. Configure AAM for HTTPS

  34. You can now access your web application on the new HTTPS/SSL URL.

Note  If you access your SharePoint Web Application from another machine, the certificate is untrusted, unless you repeat the preceding steps 12 to 14 for the machine you are using.
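
The same procedure can be scripted, which makes a development server repeatable and leaves a record of exactly what was trusted. The script below is an added example, not code from the original article; it assumes Windows Server 2012 or later (for the PKI cmdlets), an elevated SharePoint farm administrator session, that the certificate store behind the "SharePoint" node is named `SharePoint`, and that the host name, IIS site name, web application URL, file path and zone are placeholders you replace with your own.

```powershell
# Added example: scripted equivalent of the GUI steps above, for a development server only.
# Placeholders (assumptions, not from the article): $dnsName, $iisSite, $webAppUrl, $cerPath.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
Import-Module WebAdministration

$dnsName   = 'sp2013.dev.example'          # full domain name the certificate is issued for
$iisSite   = 'SharePoint - 80'             # IIS site that hosts the web application
$webAppUrl = 'http://sp2013.dev.example'   # existing public URL of the web application
$cerPath   = 'C:\Certs\sp2013-dev.cer'     # export location; the folder must already exist

# Steps 1-4: create the self-signed certificate in the machine's personal store.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation Cert:\LocalMachine\My

# Steps 5-11: export the public certificate only (DER-encoded .cer, no private key).
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Check: the exported file must match the new certificate and carry no private key.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($public.HasPrivateKey -or $public.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file $cerPath is not the expected public-only certificate."
}

# Steps 12-15: trust it on this machine and place it in the SharePoint store.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\SharePoint | Out-Null

# Steps 16-21: register the certificate under Manage Trust in Central Administration.
New-SPTrustedRootAuthority -Name 'Dev self-signed SSL' -Certificate $public | Out-Null

# Steps 22-27: add the HTTPS binding and attach the certificate to it.
New-WebBinding -Name $iisSite -Protocol https -Port 443 -IPAddress '*'
$binding = Get-WebBinding -Name $iisSite -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Steps 28-33: add the HTTPS URL to a zone assumed to be empty (Intranet here).
New-SPAlternateURL -WebApplication $webAppUrl -Url "https://$dnsName" -Zone Intranet | Out-Null

# Review what now exists, so the development-only trust can be removed later.
Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $cert.Thumbprint
Get-SPTrustedRootAuthority | Select-Object Name, @{n='Thumbprint';e={$_.Certificate.Thumbprint}}
Get-SPAlternateURL -WebApplication $webAppUrl | Select-Object IncomingUrl, Zone
```

The thumbprint printed by the last three commands is the value to search for when the server is retired or the self-signed certificate is replaced with one from a trusted authority.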

 