When using the default HTTP protocol for external SharePoint sites (for example Extranet zone for your clients) – you are taking a huge risk that someone will sniff and retrieve data trasnferred between your SharePoint front-end server and end-user. To prevent a data leak, you should encrypt the data that is being transferred between the front-end and the user. The only proper way to do this is to have an SSL certificate installed. Installing an SSL certificate not only gives you the verification of the site address (when using trusted root certificate sources), but it also encrypts your data so there is very little chance that the packets sniffed will be readable by anyone else than your users and SharePoint itself.
SSL certificates certainly add to the cost of a SharePoint site but you can use your own Certificate Authority or even use self-signed certificate from IIS Server 7. This will be marked as untrusted in the client browsers, but at least you will have encryption enabled. So let’s try to enable SSL on a test site, with the Self-Signed Certificate .
Open IIS Manager and look for Server Certificates icon in Features View of your IIS Server.
IIS Manager v7.5 with Server Certificates icon selected
Double click the Server Certificates icon and select Create Self-Signed Certificate from the Actions menu on the right:
Server Certificates Window with highlighted option to Create a self-signed certificate
Now specify a Friendly name of the Certificate. This will be used as an identifier and I strongly suggest you use the actual domain name you will be using. So for the site http://sps2010 it will be sps2010.
Self Signed Certificate creation – Friendly Name window
Click on OK button and you are done. You have a SSL certificate that you can now use with a SharePoint site. Now we need to bind this certificate with our application. To do this, expand the Sites tree view in IIS Manager and select the SharePoint website.
IIS Manager with my Example app site highlighted
Now click on the Bindings option on the action pane on the right side of the screen.
Site Bindings window with default settings for typical SharePoint application
Here you can add the SSL (HTTPS) authentication for this site, so let’s go ahead and click Add button. Next you need to specify the binding type , so select HTTPS and then you will need to specify the certificate, so from the SSL Certificate field choose our newly created self-signed certificate called sps2010 and click OK.
Add site binding window
Now our site should be running with SSL enabled already, so you can try this by trying https://sps2010 in your browser. You may have to ignore the browser warning that this certificate is untrusted – this is normal and you can ignore it.
IE Browser with Certificate Error
To these warnings being shown to every user, you should consider buying trusted site-certificate from root authorities like Thawte, or distribute your own Root Certificate Authority (.der type of certificate) to your clients so you can use your own certificates.
Thats it, your SSL Certificate is now properly installed and ready to be used on your SharePoint site.
View the original article here