
xConnect certificate thumbprint and communication between Sitecore and xConnect

Hello People,

In one of my blog posts I was writing about the issue I had with my xConnect and Experience Analytics not working.

Along the same lines, I had to troubleshoot and check the xConnect certificate and thumbprint in the config files. In the process I discovered that a lot of people, like me, did not have an exact idea of how xConnect and Sitecore communicate, what the thumbprint is, why it is used and where it is configured, so I thought I would do a quick blog post about it.

Communication between Sitecore and xConnect
Every one of us will need to work with xConnect directly or indirectly, so it is better to understand how Sitecore talks to xConnect.


xConnect (Definition)
xConnect is the service layer that sits in between the xDB and any trusted client, device, or interface that wants to read, write, or search xDB data. Communication must happen over HTTPS, and clients must have the appropriate certificate thumbprint.

My point of interest here is to tell you how Sitecore and xConnect connect, what the thumbprint is, and where it is configured.

xConnect is the server that clients connect to. In our case Sitecore is the client: it connects to xConnect for services such as analytics and marketing automation, which are abstracted in xConnect.

Why the xConnect certificate is used
It provides an additional layer of security, it is considered more secure than a traditional user name and password, and it is a cryptographically secure way for Sitecore and xConnect to communicate.

Now let's look at the AppSettings.config file of the xConnect role:



  • AllowInvalidClientCertificates
    This defines whether Sitecore is allowed to connect even if the certificate is invalid. It is also interesting to know that if you do not have a trusted client certificate, you can still connect using that certificate: you just need to set AllowInvalidClientCertificates to true (though this is not recommended for production).



  • ValidateCertificateThumbprint
    This is the thumbprint of the xConnect certificate, and this setting defines which thumbprint the other roles should have. You can compare this value with the thumbprint on the certificate itself to confirm which certificate is being used to communicate.



As shown above, I have opened the xConnect certificate to see the thumbprint, so we can make sure that this is the certificate and that this thumbprint should be used in all roles (in a scaled environment).

  • Which roles need the thumbprint in scaled environments
    In our case we had a CM server and a CD server, and on the CM server we had different roles installed, each configured with its own IIS instance. So go to ConnectionStrings.config and AppSettings.config of all roles, such as Processing, Reporting, xConnect Search, Content Management and Content Delivery, and verify that the thumbprint in each one is the same as the xConnect certificate thumbprint.
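The check described in the bullets above can be scripted. The following is an added example, not code from the original post or from Sitecore: it audits config text from each role against the xConnect thumbprint and flags AllowInvalidClientCertificates set to true. The thumbprint and file contents are constructed placeholders, and the connection string name `xconnect.collection.certificate` and the `FindValue=` layout are assumptions about how a role stores the thumbprint, so adjust them to match your own files.

```python
import re
import xml.etree.ElementTree as ET

# Constructed placeholder values, not taken from any real installation.
XCONNECT_THUMBPRINT = "AB12CD34EF56AB12CD34EF56AB12CD34EF56AB12"
CONN = ('<connectionStrings><add name="xconnect.collection.certificate" connectionString='
        '"StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue={}" />'
        '</connectionStrings>')
SAMPLE_CONFIGS = {
    "xconnect/AppSettings.config": (
        '<appSettings><add key="AllowInvalidClientCertificates" value="true" />'
        '<add key="validateCertificateThumbprint" value="' + XCONNECT_THUMBPRINT + '" />'
        '</appSettings>'),
    "processing/ConnectionStrings.config": CONN.format(XCONNECT_THUMBPRINT),
    # Pasted with spaces and an invisible U+200E, as copying from the certificate dialog can do.
    "cm/ConnectionStrings.config": CONN.format("\u200eab12 cd34 ef56 ab12 cd34 ef56 ab12 cd34 ef56 ab12"),
    "cd/ConnectionStrings.config": CONN.format("0" * 40),  # a different certificate
}

def normalize(value):
    """Keep only hex digits and uppercase them, so formatting differences do not matter."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()

def audit(path, xml_text, expected):
    """Return (path, setting, problem) tuples for one role's config file."""
    findings = []
    for add in ET.fromstring(xml_text).iter("add"):
        key, raw = add.get("key", ""), None
        if key.lower() == "allowinvalidclientcertificates":
            if add.get("value", "").strip().lower() == "true":
                findings.append((path, key, "invalid client certificates accepted"))
        elif key.lower() == "validatecertificatethumbprint":
            setting, raw = key, add.get("value", "")
        else:
            match = re.search(r"FindValue=([^;]*)", add.get("connectionString", ""), re.I)
            if match:
                setting, raw = add.get("name", ""), match.group(1)
        if raw is None:
            continue
        if normalize(raw) != normalize(expected):
            findings.append((path, setting, "thumbprint differs from xConnect certificate"))
        elif re.search(r"[^0-9A-Fa-f]", raw):
            findings.append((path, setting, "thumbprint contains non-hex characters"))
    return findings

def audit_all(configs, expected):
    return [f for path, text in configs.items() for f in audit(path, text, expected)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_CONFIGS, XCONNECT_THUMBPRINT):
        print(" | ".join(finding))
```

To use it on a real environment, replace SAMPLE_CONFIGS with the contents of each role's files and XCONNECT_THUMBPRINT with the value read from the certificate.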


I hope the above information helps you understand why xConnect is needed, where to find the thumbprint, what to do if you do not have a trusted certificate, and which roles need the same thumbprint to connect to xConnect.

