Tuesday, September 22, 2020

Renew xConnect certificates

 For first versions of Sitecore 9.0 xConnect certificate and client certificate are set to expire each year.

For next versions of Sitecore 9, the certificates are set to expire each 2 year.

I guess everybody knows by now that if you do not have a valid certificate for xConnect or is expired, Sitecore Analytics does not work anymore, and you get all kind of errors in log files.

When it comes to Sitecore certificates and xConnect we are talking about two types of certificates.

A server certificate

Server Certificates are basically used to identify a server. Characteristically this certificate is issued to the hostnames, which could be a host reader – for example Microsoft or any machine name.

A client certificate

Client certificates as the name implies are clearly used to identify a client to a respective user, which means authenticating the client to the server.

A server certificate can be used as a client certificate, especially if the ‘server’ is not public and is visible only for the client. A certificate authority can use extensions to issue a certificate for a specific purpose or multiple puposes:

• anyExtendedKeyUsage (OID 2.5.29.37.0)

• Server Authentication (OID 1.3.6.1.5.5.7.3.1)

• Client Authentication (OID 1.3.6.1.5.5.7.3.2)

• Code Signing (1.3.6.1.5.5.7.3.3)

Make sure you delete expired Sitecore certificates from Local Computer certificate store – makes things much easier moving forward.

To renew xConnect server certificate, use the following PowerShell script that actually creates a new certificate for your domain:

1
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "site-prefix.local" -FriendlyName "site-prefix.local" -NotAfter $([datetime]::now.AddYears(5))

The certificate should be visible in IIS and you can assign it to the xConnect website binding.

To renew xConnect client certificate, run the following PowerShell script that runs only the create certificate SIF part from a Sitecore installation. I used a Sitecore 9.2 script to take advantage of the 2 year validity period for my certificate.

1
2
3
4
5
6
7
8
9
10
11
Import-Module SitecoreInstallFramework
$prefix = "site-prefix"
$PSScriptRoot = "d:\Sitecore\Installation Scripts\Sitecore 9.2.0\"
$XConnectCollectionService = "site-prefix.xconnect"
 
#install client certificate for xconnect
$certParams = @{
Path = "$PSScriptRoot\createcert.json"
CertificateName = "$prefix.xconnect_client"
}
Install-SitecoreConfiguration @certParams -Verbose

If you did not run the scripts on the server where it is needed you can export both certificates and import them on the server where xConnect is hosted.

Once the certificates are installed on the right server – I used mine for a Sitecore 9.0 installation, make sure you assign the correct right to the client certificate:

  • xConnect application pool user
  • CM application pool user

If your websites application pools use NetworkService as identity and not ApplicationPoolIndentity, add access for NetworkService.

This can be done from Local Computer certificates store using right click on the certificate and choose Manage Private Keys.

Next, we need to move any non-self-signed certificates from Personal location to Intermediate Certification Authorities store, run the following PowerShell commands:

1
2
3
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject}
 
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Move-Item -Destination Cert:\LocalMachine\CA

The certificates should be good to use now. Server certificate must be associated with https xConnect binding.

From client certificate, take certificate Thumbprint and update old Thumbprint in CM connection string:

Website\App_Config\ConnectionStrings.config

and xConnect application settings:

Website.xconnect\App_Config\AppSettings.config

You may need to restart Sitecore websites for all changes to be reloaded. I made sure with iisreset command everything was up and running.

Friday, September 18, 2020

Versioned layouts - Shared and final layout in Sitecore 8

This post explains what Shared and final layouts are and the differences between them. The concept of Shared and final layouts have been introduced with Sitecore 8.

Before Sitecore 8, if the presentation details are changed for one version of an item, it would reflect in all the other versions. Which means Sitecore does not used to support versioning of presentation details - neither language versions nor numbered versions.

With Sitecore 8 and beyond, this feature was introduced by adding Shared and Final layout tabs in the presentation details as shown in the figure below.

Shared Layout

Shared layout is like a shared field. All the controls added in this layout are shared among all the language ad numbered versions.

Shared Layout

Final Layout

All the changes made to this layout are specific to that language and numbered version. Initially all the controls from shared layout are imported to the final layout. Once you start making any changes in the final layout, these changes will remain here and become specific to that particular language version and numbered version.

Final Layout

###Shared vs final layout in Sitecore 8 - How a page is rendered using item's Shared and Final layouts ###

Scenario 1

Lets add below list of controls to the Shared layout

  • Header
  • Breadcrumb
  • Footer

After you add these controls to shared layout and saved, you will observe that the same controls have been added to the final layout automatically. This happens as final layout will have the shared controls and the controls which are specific to that version.

Now add below controls in the final layout - say you are adding these for EN language and version 3.

  • PageContent

After you add this control in final layout, the Shared layout is unchanged. Now if you publish the version 3 of EN language and render the page, you could see the content from all the four controls - Header, Breadcrumb, PageContent, Footer.

Now publish any other language version say FR (french) and render the page again. Now you will see the content only from 3 controls - Header, Breadcrumb, Footer. It is because we have only these 3 controls in the Shared layout and we nothing has been added in the final layout for FR language.

Scenario 2

Now go to the final layout and edit some fields of Header control, save and published. say you have changed the placeholder name for the same version 3 of EN language.

Now if you see the Header control in the Shared layout, it will be unchanged. Still have the old placeholder name. The change you made in final layout wont reflect here.

Now render the page in EN version. You could see the content of Header, Breadcrumb, PageContent, Footer but the Header content will be rendered in the new placeholder as we changed the placeholder for Header in final layout.

If we render the page in FR version it will be unchanged, as we dint modify anything in Shared layout.

Standard values' presentation details + item's presentation details

Hope you have understood the above two scenarios. In the above scenarios we dint include the standard values presentation details.

Without standard values this is how the page content would be like - Shared layout + Final layout changes

Now if you have included the presentation details in the standard values then this is how a page would be rendered - Standard values (Shared layout + Final layout changes) + Changes to the Item (Shared layout + Final layout changes).

Sometimes things might become complex and may confuse content authors because of this flow. So keep these details as simple as possible.

I hope it is clear. Comment your thoughts if any.