Running SharePoint Web Services under HTTPS/SSL

  • Question

  • I'm looking for any information on how to set up bindings for SharePoint Web Service (IIS site) to run only on SSL. I also need to understand the implications of this approach... is this a security best practice? Any pros and cons? Didn't find any official Microsoft note about it!

    Thanks Everybody

    Vinicius

     

    Vinicius Paluch

    Tuesday, September 24, 2013 3:10 AM

Answers

  • There are a couple of approaches.  Do you have multiple Web Applications under the same domain?  Or multiple Web Applications under different domains?  Are you allowed to use Wildcard SSL certificates in your environment?  Do you have multiple IP addresses available?

    A specific SSL certificate in IIS 7.5 can only bind to a single IP:Port pairing (hence the use of a Wildcard SSL certificate to cover multiple IIS Web Sites).

    In general, you would install the SSL certificate on each WFE, then change the Alternate Access Mapping to https://site.domain.com, as well as enable SSL under Authentication Providers in Central Administration.  Validate that the SSL binding is in place in the IIS Manager.

    It is certainly more secure as all traffic is encrypted.  It can present a performance issue (there are extra steps in the SSL negotiation process and generally browsers will not cache SSL-based assets (e.g. images, pages)), but I would generally recommend it.  If you're using Windows NTLM, Basic, or an FBA provider, you will want SSL at all times.

    SSL + FQDN also simplifies URLs.  No more remembering http://webAppUrl internally and https://webAppUrl.company.com externally.  Certain scenarios (Alerts, SSRS Subscriptions) also only work over the URL they were created on or present information to the URL they were created on.  Having a unified URL greatly simplifies things.


    Trevor Seward, MCC


    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by tracycai Monday, September 30, 2013 10:44 AM
    Tuesday, September 24, 2013 4:27 AM
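
One way to script the validation step from the answer above, as an added example that is not part of the original post: it lists the IIS bindings on a WFE with the certificate behind each HTTPS binding, and reports Alternate Access Mappings that still use http://. It assumes an elevated SharePoint Management Shell on the WFE with the WebAdministration module available; the variable names and note texts are this example's own.

```powershell
# Added example, not from the original answer. Run elevated on each WFE.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

# Alternate Access Mappings whose incoming URL is still plain HTTP.
$httpMappings = @(Get-SPAlternateURL |
    Where-Object { $_.IncomingUrl -like 'http://*' })

# Every IIS binding on this server, with the certificate behind each HTTPS one.
$report = foreach ($site in Get-Website) {
    foreach ($binding in Get-WebBinding -Name $site.Name) {
        $cert = $null
        $note = ''
        if ($binding.protocol -eq 'http') {
            $note = 'plain HTTP binding'
        }
        elseif ($binding.protocol -eq 'https') {
            if ($binding.certificateHash) {
                # The binding stores the store name and thumbprint of its certificate.
                $certPath = 'Cert:\LocalMachine\{0}\{1}' -f `
                    $binding.certificateStoreName, $binding.certificateHash
                $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
            }
            if (-not $cert) { $note = 'no certificate found for binding' }
            elseif ($cert.NotAfter -lt (Get-Date)) { $note = 'certificate expired' }
        }
        New-Object PSObject -Property @{
            Site     = $site.Name
            Protocol = $binding.protocol
            Binding  = $binding.bindingInformation   # IP:port:host header
            Subject  = $(if ($cert) { $cert.Subject })
            Expires  = $(if ($cert) { $cert.NotAfter })
            Note     = $note
        }
    }
}

$report | Sort-Object Site, Protocol |
    Format-Table Site, Protocol, Binding, Subject, Expires, Note -AutoSize

if ($httpMappings.Count -gt 0) {
    Write-Warning 'Alternate Access Mappings still using http://'
    $httpMappings | Format-Table IncomingUrl, PublicUrl -AutoSize
}
```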