What is Secure Sockets Layer?
• SSL is the standard technology to create an encrypted link between a web server and a browser.
• All data passed between server and client is private
• Requires an SSL certificate
• Creating an SSL certificate includes:
  • Completing several questions regarding the identity of your site and company
  • Web server creates two keys, public and private, known as asymmetric encryption
• SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL
Encryption 101
• Single Key (Symmetric) encryption
  • One “key” or passphrase used to encrypt and decrypt
  • FAST – good for large amounts of data
  • How do you get the key across the network?
  • Ex: AES, DES, DES3
    • Advanced Encryption Standard
    • Data Encryption Standard
    • Triple DES
• Dual key (or Asymmetric or public key) encryption
  • Two mathematically related keys
  • Public – used to encrypt / verify signature
    • Everyone knows public key
  • Private – used to decrypt / sign
    • Only sender/receiver have private key
  • Slower functioning – not applicable for entire files
  • Ex: RSA, DSA
Encryption 101
Asymmetric Encryption
• Alice sends data and encrypts it with Bob’s public key
• Can give public key to anyone
• Bob receives Alice’s encrypted data.
• Bob decrypts Alice’s data with his private key
• Only Bob has private key – Only Bob can decrypt request!
Encryption 101
How do you know it’s my public key?
• “Bad” server could claim to be web server for my bank
• “Here’s my public key, encrypt your account and send it to me”
  • Why do we listen to the request?
  • Sent from a “trusted” site, i.e., a site “resembling” your bank
Encryption 101
Certificates
• Digital construct (X.509) that contains my public key and other info
• Subject: who owns this key
• Valid dates: start and expire
• Issuer of certificate
• etc
• Issuer is someone we both trust
  • Browser recognizes issuer, accepts cert
  • Browser doesn’t recognize issuer, rejects cert
    • Usually asks user what to do
Encryption 101
How to get a cert
• VeriSign, DigiCert, Thawte, GoDaddy etc.
  • Pay them and they give you cert
• Usually underwritten by big bank – TRUST
• Recognized by most browsers – good for outside
• Gen your own
  • e.g., Microsoft Certificate Server (this is what we will do)
    • Microsoft CA (Certificate Authority)
  • e.g., OpenSSL – comes with Linux
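The certificate fields and the accept/reject decision from the Certificates slide, shown with the OpenSSL command line mentioned above. This is an added example, not part of the original slides; it assumes the `openssl` CLI is on the PATH, and the names Demo Root CA, intranet.example.test and selfsigned.example.test are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: every name below (Demo Root CA, *.example.test) is made up.

make_demo_pki() {   # $1 = scratch directory for the generated files
    d=$1
    # Root CA: a self-signed certificate acting as the issuer both sides trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key pair plus a certificate request that names the subject.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=intranet.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The CA signs the request: issuer = Demo Root CA, subject = the server.
    openssl x509 -req -in "$d/server.csr" -days 30 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server.crt" 2>/dev/null || return 1
    # Self-signed server certificate: subject and issuer are the same name.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
}

show_cert() {       # $1 = certificate; prints subject, issuer, valid dates
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

check_trust() {     # $1 = trusted issuer file, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

work=$(mktemp -d)
make_demo_pki "$work" || { echo "openssl failed" >&2; exit 1; }
show_cert "$work/server.crt"
echo "CA-issued cert:   $(check_trust "$work/ca.crt" "$work/server.crt")"   # accept
echo "self-signed cert: $(check_trust "$work/ca.crt" "$work/self.crt")"     # reject
rm -rf "$work"
```

The self-signed certificate is rejected only because its issuer is not in the trusted file; passing `self.crt` as its own trusted issuer would make the same check accept it, which is what importing it into a trust store does.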
Encryption 101
Microsoft Certificate Service
• Issues certificates for you – Acts as Certificate Authority (CA)
• Can implement a CA hierarchy
  • Root server is at top – issues certs for other CAs
  • Subordinate CA
    • Gets cert from “higher” CA – sort of like introducing it
    • Issues certs for “lower” CAs & end servers
• Can be Enterprise or Standalone
  • Enterprise requires a Domain Controller/Active Directory (Domain Member?)
    • Can automate issuing of some certs
  • Stand-alone can be on any Microsoft Server
    • Must do “issuing” yourself
Encryption 101
Creating Self Signed
• Server Certificates
• Create Self Signed
• Provide name
• Edit Site Bindings
SharePoint Customization
• Site collections
  • Group of Web sites that have the same owner and share administration settings, for example, permissions. When you create a site collection, a top-level site is automatically created in the site collection. You can then create one or more subsites below the top-level site.
  • Can be created through
    • Central Administration
    • PowerShell
• SharePoint provides site collection templates for the following categories:
• Collaboration
• Meetings
• Custom
SharePoint Email integration
• Configure outgoing mail
• SharePoint sends/receives emails for several reasons
• Create alerts to track site items such as lists, libraries and documents
• Site administrators can receive messages about site administrator issues such as site owners exceeding their storage space
SharePoint Email integration
Configure incoming mail
• 4-step process
1. Enable incoming email in SharePoint
2. Install the SMTP service on one of the SharePoint web servers
3. Configure Exchange to forward messages to SharePoint
4. Specify which lists and libraries will be mail enabled
• More next week on this topic