Configure Sitecore’s Mongo Client to use SSL

Many production-facing Sitecore implementations have requirements to use SSL, and this should apply to the use of xDB as well. Since xDB is built on MongoDB, it's important to be able to use SSL on MongoDB data connections. This blog post explains how you can ensure (with minimal code) that the MongoDB C# driver client object is created with a client certificate for SSL.

Out of the box Sitecore creates an instance of the MongoDB C# driver as the client to allow the Sitecore application to interact and communicate with MongoDB. This occurs in Sitecore.Analytics.MongoDb.dll in the class Sitecore.Analytics.Data.DataAccess.MongoDb.MongoDbDriver. The constructor creates a MongoDB client from the URL settings via the connection string. That said, if you have a MongoDB enterprise client certificate, you need to ensure Sitecore creates the client in C# with that certificate. Luckily Sitecore has thought of this and exposed a pipeline to update the MongoDB client settings before it constructs the client object. Here’s the relevant code snippet directly from Sitecore’s DLL:

So to tap into this and update the settings we need to run a processor in that pipeline. The pipeline appears to have no processors out of the box according to its config file (App_Config\Include\Sitecore.Analytics.MongoDb.config):

Let’s tap in and add our client certificate settings via the updateMongoDriverSettings pipeline.

The MongoDB C# driver documentation gives the following sample code for adding the certificate information to the client settings:

So we can write our corresponding pipeline processor like this:

Now we can obviously abstract the two hard-coded strings for “client.pfx” and “mySuperSecretPassword” and expose them in a config setting. Also note that the pipeline processor base class exposes an abstract method UpdateSettings(UpdateMongoDriverSettingsArgs args) that you will want to override in the processor (rather than implementing Process(...)).
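One way to move the two hard-coded strings into configuration, as an added example that is not code from the original post or from Sitecore. The namespace, class name and setting names are hypothetical, and it assumes a MongoDB C# driver version that exposes `UseSsl` and `SslSettings` on `MongoClientSettings` and a MongoDB server that accepts TLS 1.2.

```csharp
using System;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;
using Sitecore.Configuration;

namespace Example.Xdb // hypothetical namespace
{
    public static class MongoClientCertificate
    {
        // Hypothetical setting names; define them in a patch config that is kept out of source control.
        private const string PathSetting = "Example.Mongo.ClientCertificatePath";
        private const string PasswordSetting = "Example.Mongo.ClientCertificatePassword";

        // Call this from the processor's UpdateSettings override, passing the
        // MongoDB client settings that the pipeline args carry.
        public static void Apply(MongoClientSettings clientSettings)
        {
            if (clientSettings == null) throw new ArgumentNullException("clientSettings");

            string path = Settings.GetSetting(PathSetting);
            string password = Settings.GetSetting(PasswordSetting);
            if (string.IsNullOrEmpty(path))
                throw new InvalidOperationException(PathSetting + " is not configured.");

            // MachineKeySet: an IIS app pool identity often has no user profile loaded,
            // which makes the default per-user key storage fail.
            var certificate = new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet);

            // Fail early with a clear message instead of an opaque handshake error later.
            if (!certificate.HasPrivateKey)
                throw new InvalidOperationException("Client certificate has no private key: " + path);
            DateTime now = DateTime.Now; // NotBefore and NotAfter are reported in local time
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new InvalidOperationException(
                    "Client certificate is outside its validity period: " + certificate.Thumbprint);

            clientSettings.UseSsl = true;
            clientSettings.VerifySslCertificate = true; // keep server certificate validation on
            clientSettings.SslSettings = new SslSettings
            {
                ClientCertificates = new[] { certificate },
                EnabledSslProtocols = SslProtocols.Tls12,
                CheckCertificateRevocation = true
            };
        }
    }
}
```

The exception messages name only the file path and thumbprint, so the PFX password never reaches the Sitecore log.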

And that’s about all you need. With minimal code and config changes you can ensure the MongoDB C# client object respects the necessary certificate that the server expects.

 

Mark Ursino

Mark is Sr. Director at Rightpoint and a Sitecore MVP.

4 thoughts on “Configure Sitecore’s Mongo Client to use SSL”

  1. Hi Mark,

    Can you please provide me the sample class file for the same and the updated Sitecore.Analytics.MongoDb.config with the new pipeline implemented? Also any additional artifacts, so that I can integrate them with my solution to get it running?

    Thanks in advance
    KT

  2. My Pipeline is working fine with SSL and SHA2 Server certificates.

    But when I use the Shared Session provider as Mongo with SSL+Certificate, my pipeline doesn’t come into the picture and Sitecore is unable to connect to Mongo at all.

    Please suggest.
