Before we could jump in and discuss about how to add an SSL certificate to a SharePoint web application, how about a brief description on SSL certificates and it types and usage. So let’s start with what is an SSL Certificate first…
We all know that the usage of SSL Certificates has increased rapidly and henceforth the applications which make use of SSL Certificates has also indeed increased rapidly over a period of time.
Now the reason for organizations to use SSL certificates is quite obvious as it provides security/encryption to the content that is been viewed/accessed by the users.
Some organizations wish to use SSL to enhance trust in their security and identity, e.g. they want to show their customers that they have been vetted by an authorized certificate provider and are a legitimate organization.
So, What is an SSL Certificate?
SSL stands for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by an SSL Certificate.
So what is SSL used for? The SSL protocol is used by millions of e-Business providers to protect their customers, ensuring their online transactions remain confidential. A web page should use encryption expected to submit confidential data, including credit card details, passwords or any personal information. All web browsers have the ability to interact with secured sites so long as the site’s certificate is from a recognized certificate authority.
How to identify whether a site uses SSL Certificate?
When a digital certificate is installed on a web page, users will see a padlock icon in the browser address bar. When an Extended Validation Certificates is installed on a web site, the address bar will turn green during secure sessions.
Users on sites with SSL Certificates will also see : https:// in the address bar
What are the different types of SSL Certificates?
Extended Validation (EV) SSL Certificates: where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
- Verifying that the entity has properly authorized the issuance of the EV SSL Certificate
EV SSL Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
Organization Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Now, let’s jump into the steps to install SSL certificate to a SharePoint web application using IIS 8.
Note: The SSL Certificate provider in this case is DigiCert
- So first you need to start with saving the SSL Certificate file ((your_domain_name.cer) ) to the server on which the CSR was generated.
- Open Internet Information Services (IIS) Manager–>From the Start screen, type and click Internet Information Services (IIS) Manager.
- In Internet Information Services (IIS) Manager, under Connections, select your server’s Hostname.
4. On the main menu, under IIS section, double-click the Server Certificates
5. In the Actions menu, click Complete Certificate Request to open the Complete Request Certificate .
6. On the Specify Certificate Authority Response page, under File name containing the certification authority’s response, click … to browse to the .cer certificate file that DigiCert sent you, select the file, and then, click Open.
7.Next, in the Friendly name box, enter a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate. It’s recommended that you add DigiCert and the expiration date to the end of your friendly name, for example: (yoursite-DigiCert-expirationDate). This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
8.Next, in the Select a certificate store for the new certificate drop-down list, select Personal.
9.To install the SSL Certificate to the server, click OK.
10.Once you have successfully installed the SSL Certificate to the server, you still need use IIS manager to assign or bind that certificate to the SharePoint site.
11. Now, go to Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and then select the SharePoint site.
12.In the Actions menu, under Edit Site, click Bindings.
13. In the Site Binding window, click Add.
14. In the Add Site Bindings window, enter the following information:
|Type:||In the drop-down list, select https.|
|IP address:||In the drop-down list, select All unassigned( If you’re wondering about what “All unassigned “means, it simply means all IP addresses and not specially the IP address assigned to the current server alone )|
|If your server has multiple IP addresses, select the one that applies.|
|Port:||Enter 443, unless you are using a non-standard port for SSL traffic.|
|SSL certificate:||In the drop-down list, select the friendly name of the certificate that you just installed.|
15. When you are finished, click OK.
16. Once this is done, we need to install the root certificate on the SharePoint 2013 server.
17. For that, log into your certificate provider account. (I’m going with DigiCert here …)
18. Go to DigiCert® Management Console, under Order, click the order number for the SSL Certificate that you just installed.
19. On the My Orders tab, click Download.
20. In the Download Certificate section, click the Download or Copy/Paste Individual Certificates .
21. Next, click the ROOT CERTIFICATE icon.
22. In the Opening TrustedRoot.crt window, click Save File to save the file to your SharePoint server.
23. Once all this is done , go to SharePoint 2013 Central Administration
24. In SharePoint 2013 Central Administration, in the menu on the left, click Security and then, under General Security, click Manage trust.
25. On the Trust Relationships page, in the menu at the top of the page, click New.
26. In the Establish Trust Relationship window, in the General Setting section, in the Name box, type the name that you want to give the SSL Certificate.
27. In the Root Certificate for the trust relationship section, click Browse to browse for and select the root certificate (i.e. crt).
28. In the Establish Trust Relationship window, click OK.
29. If the certificate is installed successfully, it should be listed on the Trust Relationships page.
30. That’s it, you’re done!!!
Thanks for reading this post .Happy SharePointing!!!