
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint...

Date post: 16-Dec-2015
Upload: mervyn-cameron

SSL & SharePoint

IT:Network:Applications

Agenda

• Secure Socket Layer

• Encryption 101

• SharePoint Customization

• SharePoint Integration

What is Secure Socket Layer?

• SSL is the standard technology to create an encrypted link between a web server and a browser.

  • All data passed between server and client is private

• Requires a SSL certificate

• Creating an SSL certificate includes:

  • Completing several questions regarding the identity of your site and company

• Web server creates two keys, public and private, known as asymmetric encryption

• SSL has been succeeded by Transport Layer Security (TLS) which is based on SSL

Encryption 101

• Single Key (Symmetric) encryption

  • One “key” or passphrase used to encrypt and decrypt

  • FAST – good for large amounts of data

  • How do you get the key across the network?

  • Ex: AES, DES, DES3

    • Advanced Encryption Standard

    • Data Encryption Standard

    • Triple DES

• Dual key (or Asymmetric or public key) encryption

  • Two mathematically related keys

  • Public – used to encrypt / verify signature

    • Everyone knows public key

  • Private – used to decrypt / sign

    • Only sender/receiver have private key

  • Slower functioning – not applicable for entire files

  • Ex: RSA, DSA

Encryption 101

Asymmetric Encryption

• Alice sends data and encrypts with Bob’s public key

• Can give public key to anyone

• Bob receives Alice’s encrypted data.

• Bob decrypts Alice’s data with private key

• Only Bob has private key – Only Bob can decrypt request!
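The two slides above fit together as hybrid encryption: the fast symmetric key protects the data, and the slow asymmetric key protects only the symmetric key, which answers "How do you get the key across the network?". This is an added example, not part of the original slides; it assumes Windows with .NET Framework 4.6 or later, and the sample message and variable names are constructed.

```powershell
# Added example: hybrid encryption with .NET crypto classes (constructed data).

# Bob's key pair. The private half never leaves $bob.
$bob = [System.Security.Cryptography.RSACng]::new(2048)

# Bob's public key as Alice sees it: public parameters only.
$bobPublic = [System.Security.Cryptography.RSACng]::new()
$bobPublic.ImportParameters($bob.ExportParameters($false))

# Alice: encrypt the bulk data with a fresh AES key (symmetric, fast).
$plaintext  = [Text.Encoding]::UTF8.GetBytes('constructed sample: account statement')
$aes        = [System.Security.Cryptography.Aes]::Create()
$aes.GenerateKey()
$aes.GenerateIV()
$ciphertext = $aes.CreateEncryptor().TransformFinalBlock($plaintext, 0, $plaintext.Length)

# Alice: encrypt only the 32-byte AES key with Bob's public key (asymmetric, slow).
$oaep       = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256
$wrappedKey = $bobPublic.Encrypt($aes.Key, $oaep)

# On the wire: $wrappedKey, $aes.IV and $ciphertext. None of them reveals the AES key.

# Bob: recover the AES key with his private key, then decrypt the data.
$aesBob     = [System.Security.Cryptography.Aes]::Create()
$aesBob.Key = $bob.Decrypt($wrappedKey, $oaep)
$aesBob.IV  = $aes.IV
$recovered  = $aesBob.CreateDecryptor().TransformFinalBlock($ciphertext, 0, $ciphertext.Length)
[Text.Encoding]::UTF8.GetString($recovered)

# Anyone holding only the public key cannot unwrap the AES key.
try   { $bobPublic.Decrypt($wrappedKey, $oaep) | Out-Null; 'public key decrypted (unexpected)' }
catch { 'public key alone cannot decrypt' }
```

AES in its default CBC mode gives confidentiality only; TLS adds integrity protection on top of the same key-exchange idea.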

Encryption 101

How do you know it’s my public key?

• “Bad” server could claim to be web server for my bank

• “Here’s my public key, encrypt your account and send it to me”

  • Why do we listen to the request?

  • Sent from a “trusted” site, i.e., a site “resembling” your bank

Encryption 101

Certificates

• Digital construct (X.509) that contains my public key and other info

• Subject: who owns this key

• Valid dates: start and expire

• Issuer of certificate

• etc

• Issuer is someone we both trust

  • Browser recognizes issuer, accepts cert

  • Browser doesn’t recognize issuer, rejects cert

    • Usually asks User what to do

Encryption 101

How to get a cert

• VeriSign, DigiCert, Thawte, GoDaddy etc

  • Pay them and they give you cert

  • Usually underwritten by big bank – TRUST

  • Recognized by most browsers – good for outside

• Gen your own

  • e.g., Microsoft Certificate Server (this is what we will do)

    • Microsoft CA (Certificate Authority)

  • e.g., OpenSSL – comes with Linux

Encryption 101

Microsoft Certificate Service

• Issues certificates for you – Acts as Certificate Authority (CA)

• Can implement a CA hierarchy

  • Root server is at top – issues certs for other CA’s

  • Subordinate CA

    • Gets cert from “higher” CA – sort of like introducing it

    • Issues certs for “lower” CA’s & end servers

• Can be Enterprise or Standalone

  • Enterprise requires a Domain Controller/Active Directory (Domain Member?)

    • Can automate issuing of some certs

  • Stand-alone can be on any Microsoft Server

    • Must do “issuing” yourself

Encryption 101

• Two methods:

  • Self Signed

  • Request Certificate

Encryption 101

Request Cert for Web site

• Create Request

Encryption 101

• Select Provider

Encryption 101

• Provide Name

Encryption 101

• Certificate for web site request

Encryption 101

Creating Self Signed

• Server Certificates

• Create Self Signed

• Provide name

• Edit Site Bindings

Encryption 101

Secure Web!

• Browse by https:
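The self-signed steps above, scripted instead of clicked through IIS Manager, with a look at the X.509 fields from the Certificates slide. This is an added example, not part of the original slides; the host name `sp.example.test` and the IIS site name `SharePoint - 443` are assumed placeholders.

```powershell
# Added example. Assumed names: sp.example.test and the IIS site 'SharePoint - 443'.
# Run in an elevated session on the web server.
Import-Module WebAdministration

$dns  = 'sp.example.test'      # hypothetical host name
$site = 'SharePoint - 443'     # hypothetical IIS site name

# "Create Self Signed": key pair and certificate land in the machine's personal store.
$cert = New-SelfSignedCertificate -DnsName $dns -CertStoreLocation 'Cert:\LocalMachine\My'

# The X.509 fields listed on the Certificates slide.
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# Self-signed means the subject vouches for itself: Subject and Issuer are identical.
"Self-signed: $($cert.Subject -eq $cert.Issuer)"

# The browser's question: does this chain end at an issuer I already trust?
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $dns `
    -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
"Chains to a trusted root: $trusted"

# "Edit Site Bindings": add an https binding on 443 and attach the certificate.
New-WebBinding -Name $site -Protocol https -Port 443
(Get-WebBinding -Name $site -Protocol https).AddSslCertificate($cert.Thumbprint, 'My')
```

The chain check returns False for a fresh self-signed certificate, which is why browsers prompt the user on such a site until the certificate is explicitly trusted or replaced by one issued from a CA the clients already trust.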

SharePoint Customization

• Site collections: a group of Web sites that have the same owner and share administration settings, for example, permissions. When you create a site collection, a top-level site is automatically created in the site collection. You can then create one or more subsites below the top-level site.

• Can be created through

• Central Administration

• PowerShell

• SharePoint provides site collection templates for the following categories:

• Collaboration

• Meetings

• Custom

SharePoint Email integration

• Configure outgoing mail

• SharePoint sends/receives emails for several reasons

• Create alerts to track site items such as lists, libraries and documents

• Site administrators can receive messages about site administrator issues such as site owners exceeding their storage space

SharePoint Email integration

Configure incoming mail

• 4 step process

1. Enable incoming email in SharePoint

2. Install the SMTP service on one of the SharePoint web servers

3. Configure Exchange to forward messages to SharePoint

4. Specify which lists and libraries will be mail enabled

• More next week on this topic

