I worked on a client requirement on Sitecore 8.1 to integrate MongoDB with an SSL client certificate. The client had their own SHA-2 SSL certificate and wanted to integrate MongoDB with Sitecore using it.
Customized MongoDB Pipeline
Customize the MongoDB pipeline by defining a new “updateMongoDriverSettings” pipeline in the Sitecore.Analytics.MongoDB.Config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <sitecore>
    <!-- MongoDB settings node.
         * `recoveryTimeout` - time to wait before a connection to the database is reattempted after it was marked as offline.
    -->
    <mongo recoveryTimeout="60">
      <driver type="Sitecore.Analytics.Data.DataAccess.MongoDb.MongoDbDriver, Sitecore.Analytics.MongoDB">
        <param desc="connectionString">$(0)</param>
        <param desc="failOnReadErrors">false</param>
      </driver>
    </mongo>
    <pipelines>
      <updateMongoDriverSettings>
        <processor type="Namespace, Assembly" />
      </updateMongoDriverSettings>
    </pipelines>
  </sitecore>
</configuration>
SSL Integration using physical PFX file
In this approach the PFX file is physically placed on the server and its path is provided in AppSetting.config. Add these settings to AppSetting.config:
<add key="PfxFile" value="<<<Physical Path>>>" />
<add key="PfxFilePassword" value="<<<Password>>>" />
Define the following implementation in the assembly referenced by the pipeline processor:
using MongoDB.Driver;
using Sitecore.Analytics.Pipelines.UpdateMongoDriverSettings;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;

namespace Pipelines.SSL
{
    class EnableSslForMongo : UpdateMongoDriverSettingsProcessor
    {
        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            // Load the client certificate and its private key from the PFX file.
            // Both the path and the password come from appSettings.
            var cert = new X509Certificate2(
                WebConfigurationManager.AppSettings["PfxFile"],
                WebConfigurationManager.AppSettings["PfxFilePassword"]);

            args.MongoSettings.SslSettings = new SslSettings();
            // Present this certificate to MongoDB during the TLS handshake.
            args.MongoSettings.SslSettings.ClientCertificates = new[] { cert };
            // Revocation checking of the server certificate is turned off here.
            args.MongoSettings.SslSettings.CheckCertificateRevocation = false;
            // Allow TLS 1.2 only.
            args.MongoSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;
            args.MongoSettings.UseSsl = true;
        }
    }
}
SSL Integration reading the certificate from the local machine certificate store
Add the following setting in App_Setting.config.
<add key="CertSubjectName" value="CN=<<<domain name>>>, OU=*, L=*, S=*, C=*" />
Define the following implementation in the assembly referenced by the pipeline processor:
using MongoDB.Driver;
using Sitecore.Analytics.Pipelines.UpdateMongoDriverSettings;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;

namespace Pipelines.SSL
{
    class EnableSslForMongo : UpdateMongoDriverSettingsProcessor
    {
        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            // Personal ("My") store of the local machine.
            X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                // Open the store read-only
                certStore.Open(OpenFlags.ReadOnly);
                // Get the certificates in the store
                X509Certificate2Collection certCollection = certStore.Certificates;
                foreach (var cert in certCollection)
                {
                    // Look for the certificate whose subject matches the configured CertSubjectName
                    if (cert.SubjectName.Name == WebConfigurationManager.AppSettings["CertSubjectName"])
                    {
                        Sitecore.Diagnostics.Log.Info("Certificate Subject Name", this);
                        Sitecore.Diagnostics.Log.Info(cert.SubjectName.Name, this);
                        // MongoDB changes
                        args.MongoSettings.SslSettings = new SslSettings();
                        args.MongoSettings.SslSettings.ClientCertificates = new[] { cert };
                        // Revocation checking of the server certificate is turned off here.
                        args.MongoSettings.SslSettings.CheckCertificateRevocation = false;
                        // Allow TLS 1.2 only.
                        args.MongoSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;
                        args.MongoSettings.UseSsl = true;
                        break;
                    }
                }
                // If no subject matched, the driver settings are left unchanged.
            }
            finally
            {
                // Close the store
                certStore.Close();
            }
        }
    }
}
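The store lookup above leaves the driver settings untouched when no subject matches, and it accepts the first match even if that certificate is expired or has no private key. The following is an added example, not code from the original post or from Sitecore: a hypothetical helper, ClientCertificateSelector, that picks the certificate by subject, requires a private key and a current validity period, and throws when nothing qualifies so that the misconfiguration shows up at startup.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

namespace Pipelines.SSL
{
    // Hypothetical helper; the class and method names are assumptions for this example.
    public static class ClientCertificateSelector
    {
        // Selection logic kept separate from the store so it can be tested with any collection.
        public static X509Certificate2 Select(
            X509Certificate2Collection candidates, string subjectName, DateTime now)
        {
            var usable = candidates.Cast<X509Certificate2>()
                // Same subject comparison as the processor above, but case-insensitive.
                .Where(c => string.Equals(c.SubjectName.Name, subjectName,
                                          StringComparison.OrdinalIgnoreCase))
                // Client authentication needs the private key, not just the public certificate.
                .Where(c => c.HasPrivateKey)
                // Skip expired and not-yet-valid certificates (both properties are local time).
                .Where(c => c.NotBefore <= now && now <= c.NotAfter)
                // After a renewal two certificates share a subject; prefer the newer one.
                .OrderByDescending(c => c.NotAfter)
                .FirstOrDefault();

            if (usable == null)
                throw new InvalidOperationException(
                    "No valid client certificate with a private key found for subject '"
                    + subjectName + "'.");
            return usable;
        }

        // Reads LocalMachine\My, the same store the processor above uses.
        public static X509Certificate2 FromLocalMachineStore(string subjectName)
        {
            var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                return Select(store.Certificates, subjectName, DateTime.Now);
            }
            finally
            {
                store.Close();
            }
        }
    }
}
```

HasPrivateKey only shows that a key is associated with the certificate; the application pool identity still needs read access to that key, otherwise the failure surfaces during the TLS handshake.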
Build the solution and try connecting to MongoDB. Make sure the connection strings are correctly defined in ConnectionStrings.config. Sample connection string structure:
<add name="analytics" connectionString="<<Your Mongo URL>>; authSource=admin; ssl=true; authMechanism=SCRAM-SHA-1; sslVerifyCertificate=true" />
Hope this helps.