Advanced Configuration

At this point, you know how to administer your SharePoint implementation including planning, installing, and configuring services; creating web applications and site collections; managing security at the farm, web application, and site collection levels; and monitoring, performing maintenance, and preparing for disaster. However, there were two additional, more advanced configuration settings—configuring Kerberos as an authentication method and securing a web application's data transfer with SSL—that we haven't done, until now.

Using SSL with SharePoint

Often external access to company data through SharePoint requires the additional protection of SSL. Secure Socket Layer (SSL) encrypts data sent over HTTP (making it HTTPS, the S meaning secure) to help avoid any tampering while in transit. SSL uses certificates, as well as public and private keys to encrypt and decrypt data. When a client requests access to a site that uses SSL, the server sends back the certificate and its public key. The client checks the certificate information to make certain it can be trusted (that the site is authentic and can be trusted to be who they say they are), and then it creates a premaster key of its own and encrypts that with the server's public key. The server gets the premaster key, decrypts it with its private key, and uses that to create a master key (with the agreement of the client) to create a session key to encrypt all data to that client during that session. Both the client and the server know what the session key is that encrypts and decrypts the data that is traveling between them, but no one else does. This secures the traffic from snooping or any other exploitation while it is between destinations.