Recently here at Smith we have started to ramp up our internal SharePoint use. One of our first problems was determining if we were going to have external access. Shortly after bringing this question, we came to the realization in today's day and age with ActiveSync and other tools it was almost mandatory. So how do we secure SharePoint, yet still make it fully user friendly and usable? Ultimately it came down to lets use SSL to secure our communications and call it good, so that's what we did. This article will go into further explanation as to how we did that.
Before we get started, there are going to be a few assumptions:
- SSL Certificate is already imported into IIS.
- Port 443 is configured to point to the SharePoint web application.
- Web Applications are using Host Headers.
- We will call our SharePoint application in question (SP Site)
So lets get started!
Open IIS 7.0
Right Click on the SP Site and select "Bindings".
Click on "Add" and select https for type and select the SSL Certification mentioned under assumptions.
Hit ok
Now we have to change the original http binding to a random or unused port, in this example i will use 1234.
Create a http to https redirector
Now the fun part, actually get a site re-director working!
Select the Sites node under IIS, right click and select "Add Web Site"
The following information is not important, but its a good idea to make the site name descriptive, and physical path to make sense, such as the default inetpub directory. Just make sure the host name is correct.
Select your newly created site, click HTTP Redirect
Make sure to put your SP Site https url in the redirect requests destination. And select apply.
So now your SharePoint-redirct, which should be the only port 80 application on the SharePoint server will be redirecting to the 443 port on your actual SP Site.
The only thing left to take into consideration for changes is the SharePoint application itself, and making sure no logos are still looking for http, and that the central administration knows everything is now https and not http.
Under Central Administration - Application Management - Alternate Access Mappings be sure to adjust the URLS to Https. Search indexing will need to be adjusted as well. But that is for another time.
I hope you enjoyed my article, be sure to +1 and signup, my next article will be on how to get SharePoint to autologin in your environment, but still be secure for external access.
Open IIS 7.0
Right Click on the SP Site and select "Bindings".
Click on "Add" and select https for type and select the SSL Certification mentioned under assumptions.
Hit ok
Now we have to change the original http binding to a random or unused port, in this example i will use 1234.
Create a http to https redirector
Now the fun part, actually get a site re-director working!
Select the Sites node under IIS, right click and select "Add Web Site"
The following information is not important, but its a good idea to make the site name descriptive, and physical path to make sense, such as the default inetpub directory. Just make sure the host name is correct.
Select your newly created site, click HTTP Redirect
Make sure to put your SP Site https url in the redirect requests destination. And select apply.
So now your SharePoint-redirct, which should be the only port 80 application on the SharePoint server will be redirecting to the 443 port on your actual SP Site.
The only thing left to take into consideration for changes is the SharePoint application itself, and making sure no logos are still looking for http, and that the central administration knows everything is now https and not http.
Under Central Administration - Application Management - Alternate Access Mappings be sure to adjust the URLS to Https. Search indexing will need to be adjusted as well. But that is for another time.
I hope you enjoyed my article, be sure to +1 and signup, my next article will be on how to get SharePoint to autologin in your environment, but still be secure for external access.
No comments:
Post a Comment