By Bill Peters
AIS Network Director of Sales
SSL certificates create secure (HTTPS) connectivity between your Web server and your visitors’ browsers. If you are transmitting sensitive information via a Web site, such as Social Security numbers, credit card numbers or other personal information, you should secure it with SSL encryption to safeguard against others seeing your data. If you do not use an SSL certificate, then you are vulnerable.
In a SharePoint environment, SSL certificates can easily be added to a hosted site in order to secure it. There are different kinds of SSL certificates but I won’t address that in this blog. Rather, this is about SharePoint 2010 security and the recent request by one client that we add an SSL certificate to his existing hosted SharePoint site with us.
In preparation, I asked him what domain name he wanted on the SSL certificate. Unsure of my question, he responded, “Doesn’t the domain name have to match the domain of the (AISN) network?”
Here’s how I explained it to him. In his case, the server hosting his SharePoint is a member server in the Active Directory domain called aisn.local. Web sites which serve Web pages from this server (SharePoint included) can be addressed by either an IP address or a domain name. This Web site domain is not the same type of domain as the Active Directory domain in which the server resides. And actually, Active Directory domains such as aisn.local cannot be present on the Internet. The ‘.local’ indicates to the Internet that it is a private, not a public, domain name.
That said, it is possible to have an SSL Certificate for either type of domain. The real question is what are you going to use it for? That was for my client to decide.
As I explained to him, if you intend to use the SSL Certificate for Server Identification, then we can get a certificate for you for “yournamehere.aisn.local”. You would use this type of certificate when, for example, you remote desktop to the server. It would guarantee that you are connecting to the right server.
If, however, you want to use the SSL Certificate for identification of your SharePoint Site, then you can pick any public name you want. In this case, the domain must be registered publicly in order to get a public SSL Certificate.
So, for example, if you chose to address your SharePoint Site by the name “sp.yournamehere.com”, you would need to make sure that the domain name “yournamehere.com” is registered to you. Then, you can define “sp.yournamehere.com” in IIS on your SharePoint server. You would also need to configure the public DNS for yournamehere.com such that the “host” known as “sp” points to the IP address on the server.
That explanation seemed clarify things for him. I told him that I thought he was looking for the latter, but we do not know what his host and domain names are. It appeared to me that he was addressing his SP site by IP address currently. In order to assign an SSL certificate, it needs to have a full name. We cannot register it to an IP.
Have more questions about hosted SharePoint 2010 and hosted SharePoint security? Send me an email and I’d be happy to help.