Sitecore 9: xConnect Endpoint Communication… Certificates, Ports, Hosts Files/DNS, and More!
Sitecore 9 introduces a significant shift toward certificate-based, server-to-server communication once you implement a scaled XP1 environment. You could have separate servers for each Sitecore role, or an architecture with xConnect on one server, CMS, Processing, and Reporting on another, and your CD server(s) serving public traffic.
As you need to ensure communication between these servers and roles, there are a few key aspects to keep in mind:
1) xConnect roles (five of them in an XP1 scenario) are essentially endpoints, and you need to ensure the requisite roles can communicate over port 443 (e.g. the CMS needs to reach the xConnectCollectionSearch, xConnectReferenceData, xConnectAutomationOperations, and xConnectAutomationReporting endpoints). Beyond opening port 443 for SSL/HTTPS, you may need to add hosts file entries, or preferably DNS records, for the endpoints so the machines “know” where the xConnect endpoints are located.
2) Once a Sitecore role “knows” where an endpoint is, it needs the Server and Client certificates for that endpoint installed on its machine for the proper handshakes to occur. The Server certificate provides the encrypted SSL/HTTPS channel, while the Client certificate proves that the connecting role is authorized to use the endpoint (the thumbprints in the connection strings file, ConnectionStrings.config, are those of the matching Client certificate). You can list the thumbprints of the certificates installed on your server with the following PowerShell:
Get-ChildItem -path cert:\LocalMachine\My
3) You also need the Trusted Root certificate that issued the Server and Client certificates. As an example, you would export the actual Server and Client certificates from the xConnect server’s Personal store, as well as the Trusted Root certificates from its Trusted Root Certification Authorities store, and then import these to the same locations on the connecting server. If you generated self-signed certificates with the Sitecore SIF, these will be named “DO_NOT_TRUST_SitecoreFundamentalsRoot” and “DO_NOT_TRUST_SitecoreRootCert”.
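As an added example (this is not code from the original post, nor from Sitecore), the following PowerShell checks the three points above from a connecting Sitecore role: that each configured xConnect host resolves (via the hosts file or DNS), that TCP 443 is open, that a TLS 1.2 handshake succeeds with the configured Client certificate, and that the Client certificate’s chain ends in a root the machine trusts. The ConnectionStrings.config fragment, the host name xconnect.example.local and the all-zero thumbprints are constructed placeholders; the connection string names follow the Sitecore 9 naming pattern but should be checked against your own file, and the helper functions (Get-ConfiguredCertificate, Test-CertificateChain, Test-XConnectEndpoint) are hypothetical names chosen for this example.

```powershell
# Added example, not from the original post: check from a connecting Sitecore role that
# each xConnect endpoint resolves, accepts TCP 443, completes a TLS handshake with the
# configured client certificate, and that the certificate's chain ends in a trusted root.
# Host names, thumbprints and the config fragment are constructed placeholders.
Set-StrictMode -Version Latest

# Constructed sample of the relevant entries in App_Config\ConnectionStrings.config.
# Names follow the Sitecore 9 pattern (<endpoint> plus <endpoint>.certificate); on a real
# server load the site's own file instead: [xml]$cfg = Get-Content -Raw $path
$sampleConfig = @'
<connectionStrings>
  <add name="xconnect.collection" connectionString="https://xconnect.example.local" />
  <add name="xconnect.collection.certificate"
       connectionString="StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue=0000000000000000000000000000000000000000" />
  <add name="xdb.referencedata.client" connectionString="https://xconnect.example.local" />
  <add name="xdb.referencedata.client.certificate"
       connectionString="StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue=0000000000000000000000000000000000000000" />
</connectionStrings>
'@

# Hypothetical helper: turn a "StoreName=...;FindValue=..." certificate connection string
# into the matching X509Certificate2 from the local certificate store (or nothing).
function Get-ConfiguredCertificate {
    param([Parameter(Mandatory)][string]$Spec)
    $p = @{}
    foreach ($pair in $Spec.Split(';')) {
        $k, $v = $pair.Split('=', 2)
        $p[$k.Trim()] = $v.Trim()
    }
    if ($p['FindType'] -ne 'FindByThumbprint') { throw "Unsupported FindType '$($p['FindType'])'" }
    Get-ChildItem -Path "Cert:\$($p['StoreLocation'])\$($p['StoreName'])" |
        Where-Object { $_.Thumbprint -eq $p['FindValue'].ToUpperInvariant() }
}

# Hypothetical helper: build the certificate's chain against the machine stores. A root that
# was never imported shows up as ChainOk=False with ChainStatus containing UntrustedRoot.
function Test-CertificateChain {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # SIF self-signed certificates publish no CRL, so skip online revocation checks
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $ok = $chain.Build($Cert)
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey     # a client certificate is useless without it
        Expires       = $Cert.NotAfter
        ChainOk       = $ok
        ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
        Root          = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }
}

# Hypothetical helper: name resolution (hosts file or DNS), TCP 443, then a TLS 1.2 handshake
# that validates the server certificate against the trusted roots and offers the client certificate.
function Test-XConnectEndpoint {
    param([Parameter(Mandatory)][string]$Url,
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$ClientCert)
    $uri = [Uri]$Url
    $r = [ordered]@{ Host = $uri.Host; Resolves = $false; Port443 = $false; TlsOk = $false
                     TlsError = $null; ServerCert = $null; ClientCertUsed = $false }
    try { $r.Resolves = [bool][System.Net.Dns]::GetHostAddresses($uri.Host) }
    catch { $r.TlsError = $_.Exception.Message; return [pscustomobject]$r }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($uri.Host, 443)
        $r.Port443 = $true
        $certs = New-Object System.Security.Cryptography.X509Certificates.X509CertificateCollection
        if ($ClientCert) { [void]$certs.Add($ClientCert) }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($uri.Host, $certs, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.TlsOk = $true
        $r.ServerCert = $ssl.RemoteCertificate.Subject
        # $false here means the server never requested, or rejected, the client certificate
        $r.ClientCertUsed = $ssl.IsMutuallyAuthenticated
    }
    catch { $r.TlsError = $_.Exception.GetBaseException().Message }
    finally { $tcp.Dispose() }
    [pscustomobject]$r
}

[xml]$cfg = $sampleConfig
$entries = @($cfg.connectionStrings.add)
foreach ($certEntry in ($entries | Where-Object { $_.name -like '*.certificate' })) {
    $cert = Get-ConfiguredCertificate -Spec $certEntry.connectionString
    if (-not $cert) { Write-Warning "$($certEntry.name): no certificate with that thumbprint in the store"; continue }
    Test-CertificateChain -Cert $cert | Format-List
    $endpoint = $entries | Where-Object { $_.name -eq ($certEntry.name -replace '\.certificate$', '') }
    Test-XConnectEndpoint -Url $endpoint.connectionString -ClientCert $cert | Format-List
}
```

Run it on the connecting server (CMS, Processing, or Reporting) rather than on xConnect itself, since the point is to see the handshake from the role that will actually call the endpoint. The three failure modes map directly onto the three points above: Resolves=False means a missing hosts file entry or DNS record, Port443=False means the firewall between the machines, and a TlsError mentioning an untrusted certificate or ChainOk=False with UntrustedRoot means the exported root was not imported into the connecting server’s Trusted Root Certification Authorities store.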
Whatever other networking and security considerations apply in your environment, remembering that you need both machine-to-machine connectivity and the proper certificates installed across your Sitecore infrastructure should prevent those curious Sitecore errors (e.g. the Experience Analytics errors described at https://thebitsthatbyte.com/sitecore-9-xp1-client-certificates-guide/).