Data in transit encryption

By Phi Lac Nguyen
Published 9 months ago
~3 minute read
wave small

To ensure that data in transit encryption is set up for SharePoint, you need to configure Secure Sockets Layer/Transport Layer Security (SSL/TLS) to encrypt data as it travels between clients (such as web browsers) and SharePoint servers. Here are the steps to set up data in transit encryption for SharePoint:

1. Obtain an SSL/TLS Certificate:

You'll need an SSL/TLS certificate to enable HTTPS encryption for your SharePoint web applications. You can obtain a certificate in one of the following ways:

  • Purchase a Certificate: You can purchase an SSL/TLS certificate from a trusted certificate authority (CA) like DigiCert, Comodo, GlobalSign, or others. The CA will provide you with the certificate file and any intermediate certificates.
  • Use a Public CA: Some public CAs offer free SSL/TLS certificates, such as Let's Encrypt. These certificates are suitable for many scenarios.
  • Internal CA: If your organization has an internal CA infrastructure, you can generate SSL/TLS certificates internally. However, these certificates may not be trusted by external users unless your CA's root certificate is added to their trust store.

2. Configure SSL/TLS in SharePoint:

Once you have obtained the SSL/TLS certificate, follow these steps to configure SSL/TLS in SharePoint:

  • Import the Certificate: Import the SSL/TLS certificate into the server's certificate store where SharePoint is installed.
  • Assign the Certificate to the SharePoint Web Application: Use SharePoint Central Administration or PowerShell to assign the imported certificate to the SharePoint web application. This associates the certificate with the specific URL or host header for the web application.
  • Configure IIS: You may need to configure Internet Information Services (IIS), which hosts SharePoint web applications, to use the SSL/TLS certificate. You can do this using IIS Manager.

3. Update SharePoint Alternate Access Mappings (AAM):

Ensure that Alternate Access Mappings (AAM) are correctly configured to reflect the use of HTTPS. This step helps SharePoint understand how requests should be mapped to the web application.

4. Update Site Collection URLs:

If necessary, update site collection URLs to use the "https://" scheme. This ensures that users access SharePoint sites via encrypted connections.

5. Test and Verify:

After configuring SSL/TLS for SharePoint, thoroughly test your SharePoint sites to ensure that they are accessible via HTTPS. Also, verify that the SSL certificate is correctly installed and trusted by clients.

6. Implement HSTS (HTTP Strict Transport Security):

Consider implementing HSTS in your SharePoint configuration to instruct web browsers to always use HTTPS when connecting to your SharePoint sites. This adds an extra layer of security by preventing insecure HTTP connections.

7. Monitor and Maintain:

Regularly monitor the SSL/TLS certificate's expiration date and renew it before it expires. Additionally, stay informed about security updates and best practices related to SSL/TLS encryption.

By following these steps, you can set up data in transit encryption (HTTPS) for SharePoint, ensuring that data exchanged between clients and SharePoint servers is encrypted and secure. This is an important security measure to protect sensitive information and maintain the confidentiality and integrity of your SharePoint data.