SSL & SharePoint IT:Network:Applications
Agenda
• Secure Socket Layer
• Encryption 101
• SharePoint Customization
• SharePoint Integration
What is Secure Socket Layer?
• SSL is the standard technology to create an encrypted link between a web server and a browser.
• All data passed between server and client is private
• Requires an SSL certificate
• Creating an SSL certificate includes:
  • Completing several questions regarding the identity of your site and company
  • Web server creates two keys, public and private (known as asymmetric encryption)
• SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL
Encryption 101
• Single Key (Symmetric) encryption
  • One “key” or passphrase used to encrypt and decrypt
  • FAST – good for large amounts of data
  • How do you get the key across the network?
  • Ex: AES, DES, DES3
    • Advanced Encryption Standard
    • Data Encryption Standard
    • Triple DES
• Dual key (or Asymmetric or public key) encryption
  • Two mathematically related keys
  • Public – used to encrypt / verify signature
    • Everyone knows public key
  • Private – used to decrypt / sign
    • Only sender/receiver have private key
  • Slower functioning – not applicable for entire files
  • Ex: RSA, DSA
Encryption 101 Asymmetric Encryption
• Alice sends data and encrypts with Bob’s public key
  • Can give public key to anyone
• Bob receives Alice’s encrypted data.
• Bob decrypts Alice’s data with private key
  • Only Bob has private key – Only Bob can decrypt request!
Encryption 101 How do you know it’s my public key?
• “Bad” server could claim to be web server for my bank
  • “Here’s my public key, encrypt your account and send it to me”
• Why do we listen to the request?
  • Sent from a “trusted” site, i.e., a site “resembling” your bank
Encryption 101 Certificates
• Digital construct (X.509) that contains my public key and other info
  • Subject: who owns this key
  • Valid dates: start and expire
  • Issuer of certificate
  • etc.
• Issuer is someone we both trust
  • Browser recognizes issuer, accepts cert
  • Browser doesn’t recognize issuer, rejects cert
    • Usually asks User what to do
Encryption 101 How to get a cert
• VeriSign, DigiCert, Thawte, GoDaddy, etc.
  • Pay them and they give you cert
  • Usually underwritten by big bank – TRUST
  • Recognized by most browsers – good for outside
• Gen your own
  • e.g., Microsoft Certificate Server (this is what we will do)
    • Microsoft CA (Certificate Authority)
  • e.g., OpenSSL – comes with Linux
Encryption 101 Microsoft Certificate Service
• Issues certificates for you – Acts as Certificate Authority (CA)
• Can implement a CA hierarchy
  • Root server is at top – issues certs for other CA’s
  • Subordinate CA
    • Gets cert from “higher” CA – sort of like introducing it
    • Issues certs for “lower” CA’s & end servers
• Can be Enterprise or Standalone
  • Enterprise requires a Domain Controller/Active Directory (Domain Member?)
    • Can automate issuing of some certs
  • Stand-alone can be on any Microsoft Server
    • Must do “issuing” yourself
Encryption 101
• Two methods:
  • Self Signed
  • Request Certificate
Encryption 101 Request Cert for Web site
• Create Request
Encryption 101
• Select Provider
Encryption 101
• Provide Name
Encryption 101
• Certificate for web site request
Encryption 101 Creating Self Signed
• Server Certificates → Create Self Signed → Provide name → Edit Site Bindings
Encryption 101 Secure Web!
• Browse by https:
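
The IIS Manager steps on the self-signed slide (Server Certificates, Create Self Signed, provide a name, Edit Site Bindings) can also be scripted. The PowerShell below is an added example, not part of the original slides; the site name `Default Web Site` and host name `sharepoint.example.local` are assumed placeholders, and it must run in an elevated session on the IIS server.

```powershell
# Assumed placeholder values; replace with your own site and host name.
$siteName = 'Default Web Site'
$dnsName  = 'sharepoint.example.local'

Import-Module WebAdministration

# 1. "Create Self Signed": generate the certificate and key pair in the
#    local machine's Personal ("My") certificate store.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
            -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. "Edit Site Bindings": add an https binding on port 443 unless the
#    site already has one.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
}

# 3. Attach the new certificate to that binding (thumbprint + store name).
#    This fails if another certificate is already bound to the same port.
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. Print the X.509 fields listed on the Certificates slide.
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# A self-signed certificate names itself as issuer, so no browser
# recognizes the issuer until the certificate is explicitly trusted.
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning ('Self-signed: Subject equals Issuer. Clients will ' +
                   'warn until this certificate is added to their trusted roots.')
}
```

Browsing to the site over https afterwards still shows a certificate warning on clients that have not been told to trust this certificate, which is the "browser doesn't recognize issuer" case from the Certificates slide.
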
SharePoint Customization
• Site collections: a group of Web sites that have the same owner and share administration settings, for example, permissions. When you create a site collection, a top-level site is automatically created in the site collection. You can then create one or more subsites below the top-level site.
• Can be created through
  • Central Administration
  • PowerShell
• SharePoint provides site collection templates for the following categories:
  • Collaboration
  • Meetings
  • Custom
SharePoint Email integration
• Configure outgoing mail
• SharePoint sends/receives emails for several reasons
  • Create alerts to track site items such as lists, libraries and documents
  • Site administrators can receive messages about site administrator issues such as site owners exceeding their storage space
SharePoint Email integration Configure incoming mail
• 4 step process
  • Enable incoming email in SharePoint
  • Install the SMTP service on one of the SharePoint web servers
  • Configure Exchange to forward messages to SharePoint
  • Specify which lists and libraries will be mail enabled
• More next week on this topic