Wednesday, November 3, 2010

SharePoint and SSL

Following our IT Security team guidelines, I have finally decided to migrate one of our WSS 3.0 websites to the HTTPS protocol. The procedure is a little bit complicated, because I had to modify the SharePoint configuration first and only then proceed to set up the security certificate in IIS 6.0.

Start by running SharePoint 3.0 Central Administration, then select Application Management and choose the option 'Create or extend web application':

Select 'Extend an existing web application':

Configure a new web site on port 443 and force the use of Secure Sockets Layer (SSL):

Verify under 'Alternate Access Mappings (AAM)' that the new HTTPS site is properly listed:

Once you have set these parameters for WSS, open the Internet Information Services (IIS) MMC console and select the website that SharePoint has just created for you:

Right-click on it and click Properties. Then select the Directory Security tab and click on 'Server Certificate':

Prepare the request for a new certificate as follows:

Send the generated certreq.txt file to your Security Manager and ask him to send you back the certificate that you will load for the new secured WSS website (on the Pending Certificate Request page, select 'Process the pending request and install the certificate').

Most of the configuration is now done. The next step is to go once again to the Properties window for the new WSS website, select 'Directory Security' and click on 'Edit'. Now, in the Secure Communications window, check 'Require secure channel (SSL)' and 'Require 128-bit encryption'.

That's all. Now you have a double access mapping! One on http and one on https. I will post someday about ways of forcing visits to go over https only.
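Once the certificate is installed and the two IIS options are checked, it is worth verifying from a client what the https mapping actually presents: that the certificate covers the hostname you registered in Alternate Access Mappings, that it is inside its validity window, and that the negotiated cipher really gives you the 128 bits the 'Require 128-bit encryption' option promises. The following script is an added example and not part of the original post or of SharePoint; the hostname wss.example.local, the sample certificate dict and the sample cipher tuple are constructed for illustration, and the only network call is the optional probe() against a host you name on the command line.

```python
"""Added example (not from the original post): verify the https mapping of an
SSL-extended WSS 3.0 site against the policy set in IIS.

Assumptions: hostname 'wss.example.local', the SAMPLE_CERT dict and the
SAMPLE_CIPHER tuple are constructed samples, not real data."""
import socket
import ssl
import time

# Same shape as the dict returned by ssl.SSLSocket.getpeercert(); constructed sample.
SAMPLE_CERT = {
    "subject": ((("commonName", "wss.example.local"),),),
    "subjectAltName": (("DNS", "wss.example.local"), ("DNS", "wss")),
    "notBefore": "Nov  1 00:00:00 2010 GMT",
    "notAfter": "Nov  1 00:00:00 2012 GMT",
}
# Same shape as the tuple returned by ssl.SSLSocket.cipher(): (name, protocol, bits).
SAMPLE_CIPHER = ("AES128-SHA", "TLSv1", 128)


def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries first, then the CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.append(value)
    return names


def name_matches(pattern, host):
    """Exact match, or a single-label wildcard such as *.example.local."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def check_tls_policy(cert, cipher, expected_host, now=None, min_bits=128):
    """Return a list of policy findings; an empty list means the endpoint passes."""
    now = time.time() if now is None else now
    findings = []
    if not any(name_matches(n, expected_host) for n in cert_names(cert)):
        findings.append(f"certificate does not cover {expected_host}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("certificate has expired")
    name, _protocol, bits = cipher
    if bits < min_bits:
        findings.append(f"cipher {name} negotiates only {bits} bits (policy: {min_bits})")
    return findings


def probe(host, port=443, cafile=None, timeout=5):
    """Connect to the https mapping and run the policy check on what it presents.
    cafile: PEM bundle of the internal CA that issued the certificate, if any.
    Note: getpeercert() only returns the parsed dict when the chain was verified."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return check_tls_policy(tls.getpeercert(), tls.cipher(), host)
    except ssl.SSLError as exc:
        # Chain or hostname verification failed before the handshake completed.
        return [f"TLS handshake failed: {exc}"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    # With no argument, evaluate the constructed sample as of 2011-01-01 UTC.
    result = probe(target) if target else check_tls_policy(
        SAMPLE_CERT, SAMPLE_CIPHER, "wss.example.local", now=1293840000)
    print("PASS" if not result else "\n".join(result))
```

The check deliberately evaluates the parsed certificate separately from the live connection, so the same policy can be run against a certificate exported from the IIS console before it is bound, and the probe can be repeated after the binding to confirm that the http-to-https extension serves the expected certificate rather than the default one of another site on the same server.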

For further information on SSL, check here. For further information on WSS, check here.

I hope this post will help you.

Update: be aware that when adding SSL to your SharePoint website, you could start getting problems with WebDAV access. This is because WebDAV cannot travel on SSL, and therefore the only way to access content is via a mysterious old protocol called FPRPC: FrontPage Server Extensions Remote Procedure Call. This protocol was designed long before WebDAV.
So, to sum up, the two protocols that are capable of directly manipulating files stored in SharePoint are:
  • WebDAV (Web Distributed Authoring and Versioning): WebDAV is a simple extension to the HTTP protocol based on a public specification. It provides an extended vocabulary that defines how basic file functions, such as copy, move, delete, and create folder, are performed across HTTP. It is restricted to port 80.
Screenshot: New WebDAV
  • FPRPC (FrontPage Server Extensions Remote Procedure Call): FPRPC provides WebDAV capabilities using extensions to the HTTP vocabulary, but it also has the ability to embed more complex Remote Procedure Call (RPC) communications in the data portion of the packet. It can work with SSL.
Screenshot, old FPRPC: the folders have the older, flat appearance of Windows 98
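Since the two protocols leave different traces in the IIS logs, you can see for yourself which one your clients fall back to on each mapping: WebDAV shows up as its own HTTP methods (PROPFIND, PROPPATCH, MKCOL, LOCK and so on), while FPRPC is plain POST traffic to the FrontPage Server Extensions endpoints under _vti_bin. The script below is an added example, not part of the original post; it parses the IIS 6 W3C extended log format using its own #Fields header, and the log excerpt is a constructed sample, not real traffic. The endpoint names author.dll, admin.dll and shtml.dll are the standard FrontPage Server Extensions RPC handlers.

```python
"""Added example (not from the original post): classify IIS 6 W3C log records
as WebDAV, FPRPC or other, summarised per server port, to show which
file-manipulation protocol clients use on the http (80) and https (443)
mappings. SAMPLE_LOG is a constructed excerpt."""
from collections import Counter

# Constructed IIS 6 W3C extended log excerpt (raw string: usernames contain backslashes).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-11-03 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-11-03 10:00:01 10.0.0.5 PROPFIND /Shared+Documents - 80 DOMAIN\alice 10.0.0.21 Microsoft-WebDAV-MiniRedir/6.1.7600 207 0 0
2010-11-03 10:00:02 10.0.0.5 OPTIONS /Shared+Documents - 443 DOMAIN\alice 10.0.0.21 Microsoft-WebDAV-MiniRedir/6.1.7600 200 0 0
2010-11-03 10:00:03 10.0.0.5 POST /_vti_bin/_vti_aut/author.dll - 443 DOMAIN\bob 10.0.0.22 Mozilla/4.0+(compatible;+MS+FrontPage+12.0) 200 0 0
2010-11-03 10:00:04 10.0.0.5 GET /default.aspx - 443 DOMAIN\alice 10.0.0.21 Mozilla/4.0+(compatible;+MSIE+8.0) 200 0 0
2010-11-03 10:00:05 10.0.0.5 POST /_vti_bin/_vti_adm/admin.dll - 443 DOMAIN\bob 10.0.0.22 Mozilla/4.0+(compatible;+MS+FrontPage+12.0) 200 0 0
"""

# HTTP methods that only WebDAV clients issue (OPTIONS/GET/PUT are shared with plain HTTP).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# FrontPage Server Extensions RPC handlers: author.dll (content authoring),
# admin.dll (site administration), shtml.dll (initial handshake / forms).
FPRPC_ENDPOINTS = ("/_vti_aut/author.dll", "/_vti_adm/admin.dll", "/shtml.dll")


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields line.
    IIS encodes spaces inside values as '+', so whitespace splitting is safe."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#"):
            continue  # other directives (#Software, #Version, #Date)
        elif fields:
            values = line.split()
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records


def classify(rec):
    """'fprpc' for POSTs to a FrontPage RPC handler, 'webdav' for WebDAV-only
    methods, 'other' for everything else."""
    method = rec["cs-method"].upper()
    stem = rec["cs-uri-stem"].lower()
    if method == "POST" and stem.endswith(FPRPC_ENDPOINTS):
        return "fprpc"
    if method in WEBDAV_METHODS:
        return "webdav"
    return "other"


def summarize(text):
    """Count records per (protocol, server port)."""
    counts = Counter()
    for rec in parse_w3c(text):
        counts[(classify(rec), int(rec["s-port"]))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (proto, port), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{proto:7s} port {port}: {n}")
```

Run against a real log directory the summary tells you whether any WebDAV verbs ever reach port 443 and how much of the authoring traffic on the https mapping goes through the FPRPC handlers; a POST to admin.dll in particular is an administrative action and is worth keeping an eye on in the same way as access to the Central Administration site.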
