Sitecore MongoDB with SSL Customization

Worked on a client requirement on Sitecore 8.1 to integrate MongoDB with an SSL client certificate. The client had their own SHA-2 SSL certificate and wanted to integrate Mongo with Sitecore using it.

Customized MongoDB Pipeline:

Customize the MongoDB pipeline by defining a new "updateMongoDriverSettings" pipeline in Sitecore.Analytics.MongoDB.Config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <sitecore>
    <!--
      MongoDB settings node.
      * `recoveryTimeout` - time to wait before a connection to the database is
        reattempted after it was marked as offline.
    -->
    <mongo recoveryTimeout="60">
      <driver type="Sitecore.Analytics.Data.DataAccess.MongoDb.MongoDbDriver, Sitecore.Analytics.MongoDB">
        <param desc="connectionString">$(0)</param>
        <param desc="failOnReadErrors">false</param>
      </driver>
    </mongo>

    <pipelines>
      <updateMongoDriverSettings>
        <processor type="Namespace, Assembly" />
      </updateMongoDriverSettings>
    </pipelines>
  </sitecore>
</configuration>

SSL Integration using a physical PFX file: In this approach the PFX file is physically placed on the server, and its path is provided in AppSetting.config. Add these settings to AppSetting.config:

<add key="PfxFile" value="<<<Physical Path>>>" />

<add key="PfxFilePassword" value="<<<Password>>>" />

Define the following implementation in the assembly referenced in the pipeline:

using MongoDB.Driver;
using Sitecore.Analytics.Pipelines.UpdateMongoDriverSettings;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;

namespace Pipelines.SSL
{
    class EnableSslForMongo : UpdateMongoDriverSettingsProcessor
    {
        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            // Load the client certificate and its private key from the PFX file
            var cert = new X509Certificate2(WebConfigurationManager.AppSettings["PfxFile"], WebConfigurationManager.AppSettings["PfxFilePassword"]);

            // Present the certificate to MongoDB and allow TLS 1.2 only
            args.MongoSettings.SslSettings = new SslSettings();
            args.MongoSettings.SslSettings.ClientCertificates = new[] { cert };
            // Revocation (CRL/OCSP) checking is switched off here
            args.MongoSettings.SslSettings.CheckCertificateRevocation = false;
            args.MongoSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;
            args.MongoSettings.UseSsl = true;
        }
    }
}

SSL Integration reading the certificate from the local machine certificate store: In this approach the certificate is looked up in the machine store by its subject name. Add the following setting in App_Setting.config:

<add key="CertSubjectName" value="CN=<<<domain name>>>, OU=*, L=*, S=*, C=*" />

Define the following implementation in the assembly referenced in the pipeline:

using MongoDB.Driver;
using Sitecore.Analytics.Pipelines.UpdateMongoDriverSettings;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;

namespace Pipelines.SSL
{
    class EnableSslForMongo : UpdateMongoDriverSettingsProcessor
    {
        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            try
            {
                // Open the store read-only
                certStore.Open(OpenFlags.ReadOnly);

                // Get the certificates in the store
                X509Certificate2Collection certCollection = certStore.Certificates;

                foreach (var cert in certCollection)
                {
                    // Exact match on the full subject name from the config setting
                    if (cert.SubjectName.Name == WebConfigurationManager.AppSettings["CertSubjectName"])
                    {
                        Sitecore.Diagnostics.Log.Info("Certificate Subject Name", this);
                        Sitecore.Diagnostics.Log.Info(cert.SubjectName.Name, this);

                        // MongoDB changes: present the certificate, TLS 1.2 only
                        args.MongoSettings.SslSettings = new SslSettings();
                        args.MongoSettings.SslSettings.ClientCertificates = new[] { cert };
                        // Revocation (CRL/OCSP) checking is switched off here
                        args.MongoSettings.SslSettings.CheckCertificateRevocation = false;
                        args.MongoSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;
                        args.MongoSettings.UseSsl = true;

                        break;
                    }
                }
                // If no certificate matches, the SSL settings are left unchanged
            }
            finally
            {
                // Close the store
                certStore.Close();
            }
        }
    }
}
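
A stricter version of the store lookup above, as an added example that is not from the original post: it keeps the post's exact subject-name comparison but also requires a private key and a current validity period, and throws instead of leaving SSL unconfigured when nothing matches. The class name `FailClosedSslForMongo` and the helper `FindClientCertificate` are hypothetical, and throwing from the processor is an assumption about how the deployment should fail.

```csharp
using System;
using System.Linq;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;
using MongoDB.Driver;
using Sitecore.Analytics.Pipelines.UpdateMongoDriverSettings;

namespace Pipelines.SSL
{
    // Hypothetical variant of the post's processor (added example, not the author's code).
    public class FailClosedSslForMongo : UpdateMongoDriverSettingsProcessor
    {
        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            var cert = FindClientCertificate(WebConfigurationManager.AppSettings["CertSubjectName"]);

            args.MongoSettings.SslSettings = new SslSettings
            {
                ClientCertificates = new[] { cert },
                CheckCertificateRevocation = false, // same value as in the post
                EnabledSslProtocols = SslProtocols.Tls12
            };
            args.MongoSettings.UseSsl = true;
        }

        // Returns the longest-lived usable certificate for the subject, or throws.
        private static X509Certificate2 FindClientCertificate(string subjectName)
        {
            if (string.IsNullOrWhiteSpace(subjectName))
                throw new InvalidOperationException("CertSubjectName app setting is missing.");

            var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
                var match = store.Certificates.Cast<X509Certificate2>()
                    .Where(c => string.Equals(c.SubjectName.Name, subjectName, StringComparison.Ordinal))
                    .Where(c => c.HasPrivateKey && c.NotBefore <= now && now < c.NotAfter)
                    .OrderByDescending(c => c.NotAfter)
                    .FirstOrDefault();
                if (match == null)
                    throw new InvalidOperationException("No usable client certificate for subject: " + subjectName);
                return match;
            }
            finally { store.Close(); }
        }
    }
}
```

`HasPrivateKey` only shows that a key is associated with the certificate; the application pool identity still needs read access to that private key in the machine store.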

Build the solution and try connecting to MongoDB. Make sure the connection strings are correctly specified in ConnectionStrings.config.

Hope this helps.
