Last week, I got some questions from SharePoint administrators which related to their users access SharePoint server from external connection but they can not see some contents.

And another questions on how to secure access connection to SharePoint server with https access, so any messages send and receive should be encrypted.

Actually, for the first concerns, we need make sure that SharePoint external mapping configuration must be setup correctly beside DNS configuration. And in another hand, external connection should be secured via SSL certificate with https access. This is the second concern. In this post, I will show you how to get it done and meet your expectation.

Creating Self-signed SSL certificate:

For https configuration, we need order a publish SSL certificate from SSL certificate provider such as VeriSign, GeoTrust, CyberTrust, … Or issued by themselves for their hosting domain.

On development/Intranet servers we can use Self signed certificates. By default, Self-signed SSL Certificates have expiry date of 1 year. You can further provide custom parameters to SelfSSL.exe and generate Self-signed SSL certificates.

Steps to Create Self-Signed Certificate:
1. Logon to your Web Front End Server

2. Click on the Start menu >> Administrative Tools, and then click on Internet Information Services (IIS) Manager.

3. Click on the server in the Connections column on the left, Double-click on Server Certificates.

4. In the Actions column on the right, click on Create Self-Signed Certificate…

ServerCertificates

5. Enter any friendly name (e.g.  “Intranet Certificate” and then click OK.

IntranetCertificate

6. This will now create a New Self Signed Certificate valid for 1 year listed under Server Certificates. The certificate common name (Issued To) will be the server name.

ListOfCertificates

Edit the Binding of the web application in IIS

1. In the IIS Manager Console: Expand the Server and Site nodes and click the website you want to assign the certificate to. Click on Bindings… in the right column.

EditBinding

2. Click on the Add… button in Site Bindings dialog box

Add

3. Change the Type to https and select the SSL certificate that you just created. Click OK.

Change

4. Now, you will see the binding for port 443 listed. Optionally, you can remove the HTTP binding in order to tighten the security. Click Close.

Binding

We can force the website to use ONLY HTTPS protocol by selecting SSL Settings of the website and then choose “Require SSL”

RequireSSL

 

 

Configure Access Mapping from SharePoint Administration

1.       Go to Alternate Access Mappings: Central Administration >> Application Management >>Alternate Access Mapping.

Access Mapping

2.       Select the web application in the right most drop down and click on “Add Internal URLs”

SelectWebApp

3.  Add a new URL with HTTPS, here I have added https://intranet.mydomain.vn and select a zone, here I have  selected Intranet zone. Then HarveyNash Intranet collection will show the list of URLs with zones.

AddUrl

 

For the external connection like Internet, just repeat step 2, 3 with corresponding  URL.

Hope it help!!!

Hoang Nhut Nguyen

Email: nhutcmos@gmail.com

Skype: hoangnhut.nguyen