Many production-facing Sitecore implementations have requirements to use SSL, and this should apply to the use of xDB as well. Since xDB is built on MongoDB, its important to be able to leverage MongoDB data connections with the use of SSL. This blog post explains how you can ensure (with minimal code) the MongoDB C# driver client object is created with a client certificate for SSL.
Out of the box Sitecore creates an instance of the MongoDB C# driver as the client to allow the Sitecore application to interact and communicate with MongoDB. This occurs in
Sitecore.Analytics.MongoDb.dll in the class
Sitecore.Analytics.Data.DataAccess.MongoDb.MongoDbDriver. The constructor creates a MongoDB client from the URL settings via the connection string. That said, if you have a MongoDB enterprise client certificate, you need to ensure Sitecore creates the client in C# with that certificate. Luckily Sitecore has thought of this and exposed a pipeline to update the MongoDB client settings before it constructs the client object. Here’s the relevant code snippet directly from Sitecore’s DLL:
So to tap into this and update the settings we need to run a processor in that pipeline. The pipeline appears to have no processors out of the box according to its config file (
Let’s tap in and add our client certificate settings via the
The MongoDB C# driver documentation to update the client setting with the certificate info indicates the following sample code snippet:
So we can write our corresponding pipeline processor like this:
Now we can obviously abstract the two hard-coded strings for “client.pfx” and “mySuperSecretPassword” and expose them in a config setting. Also note that the pipeline processor base class exposes an abstract method
UpdateSettings(UpdateMongoDriverSettingsArgs args) that you will want to override in the processor (rather than implementing
And that’s about all you need. With minimal code and config changes you can ensure the MongoDB C# client object respects the necessary certificate that the server expects.