Skip to main content

Xconnect certificate thumbprint and communication with sitecore and xconnect

Hello People,

One of my blog post i was writing about the issue i had with my xconnect and experience analytics not working

On the same line i had to troubleshoot and check xconnect certificate and thumbprint in config files, So i also discovered in this process that lot of people like me did not have exact idea about how xconnect and sitecore communicates and what is thumbprint and why it is used and where it is configured, So thought to do a quick blog post about it.

Communication between Sitecore and Xconnect
Everyone of us will need to work with xconnect directly or indirectly, so its better to understand how sitecore talks to xconnect.


xconnect (Definition)
xConnect is the service layer that sits in between the xDB and any trusted client, device, or interface that wants to read, write, or search xDB data. Communication must happen over HTTPS and clients must have the appropriate certificate thumbprint

Now my point of interest here is to tell you is how Sitecore and xconnect connects and what is the  thumbprint for it and where it is configured.

So xconnect is the server where client connects, so here in our case sitecore is the client which connect to xconnect for its services like analytics and marketing automation features and services which are abstracted in xconnect.

Why xconnect certificate is used
It provides additional layer of scurity and It is considered secure than traditional user name and password to communicate and it is cryptographically secure way to have a communication between Sitecore & Xconnect.

Now if we observe the xconnect AppSettings.config file of xconnect role



  • AllowInvalidClientCertificates 
         This defines if the Sitecore is allowed to connect even if the certificate is invalid, So this is also   interesting to know that if you still want to connect if you do not have trusted client certificate, you can still use that certificate but you just need to keep the value of AllowInvalidClientCertificates =true. (though not recommended for production)
  • ValidateCertificateThumbprint
         This is thumbprint of the xconnect certificate, and this setting defines that what other roles should have which thumbprint, you can verify this thumbprint with the certificate thumbprint to make sure that which certificate is being used to communicate.



As shown above, i have opened the xconnect certificate and see the thumbprint, so we can make sure that this is the certificate and the thumbprint should be used in all roles (if scaled environment)

  • Thumbprint needed in what roles in scaled environments 
In our case we had CM server and CD server, and on CM server we had different roles installed on same CM server with different IIS instance of those role configured, So go to Connectionstring.config and AppSettings.config of all roles like Processing, Reporting, Xconnect Search, Content Managemnet, Content Delivery and verify the thumbprint with xconnect thumbprint and make sure that those are same as xconnect certificate thumbprint.


So, hope above information helps to understand why xconnect is needed, where to find thumbprint, what if we do not have trusted certificate and what all roles will need the same thumbprint to connect with xconnect.


Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

High CPU to completely normal CPU - SXA issue, SXA pages not loading in mobile device

  Hi Team, Today i am going to share one of the nightmarish issue with you all, We are having Sitecore 9.1.1 hosted in azure PaaS environment Our site was working just fine and no noise, but we have been working on a feature release where 7-8 months of development needed to be released to production, Big GO LIVE event right?  Also to make the development smoother we also introduced BLUE/GREEN deployment slots in the same release, so we can easily SWAP slots and go live Everything went well, we went live, we even did load and performance testing on our staging and pre-prod and we were confident enough of results Very next day we started getting "SITE DOWN" alerts, and also product owners and clients mentioned that site is very slow for them in US time and in our morning when we were accessing it, it was working lighting fast so we were clue less at start, but we started digging  1) First thing caught our eyes were HIGH CPU spikes, in US time, also without any traffic CPU u...
3 comments
Read more

One or more exceptions occurred while processing the subscribers to the 'item:creating' event

I was recently installing the packages from one of the QA environment to my local Sitecore instance, "Media library package" to be precise, And it started giving me this below error One or more exceptions occurred while processing the subscribers to the 'item:creating' event Looking at the sitecore logs, it gave me more info on the context and the actual inner exception was following Solution: 'Name' should consist only of letters, digits, dashes or underscore Now it was evident that some of my file names were violating the naming rule, I could see in the log just before exception from where the installer stopped creating items, and that file name had round braces "(" and ")" at the end of it, with my surprise I was able to create the item with those name in the content tree, but below was the solution for it, Solution I am using SC 9.0.1 and in that Go to Sitecore.Marketing.config file residing in "App_Config\Sitecore\Mar...
9 comments
Read more

Set up leprechaun code generation with Sitecore XM Cloud Starterkit

Hi Sitecorians, It has been amazing learning year so far and with the change in technology and shift of the focus on frontend frameworks and composable products, it has been market demand to keep learning and exploring new things. Reasons behind this blog Today's topic is something that was in my draft from April-May, and I always thought that there is already a good documentation out there for  Leprechaun  and a blog post is not needed, Until I realized that there was so many of us facing same kind of issues and same kind of problems and spending same amount of time, That is where I thought, if I could write something which can reduce that repetitive troubleshooting time, That would really help the community. 1)  In a project environment, if we get into some configuration issues, we resolve them, we make sure we are not blocked and continue, but if you think same issue, same step and same scenario will come to other people, so if we can draft it online, it will help othe...
Post a Comment
Read more