Sitecore and SSL

As a Solution Architect at Sitecore you often get the request ‘how to do SSL in Sitecore’. Besides using our great Shared Source SSL module, you have to do some configuration at the network/OS level to register the certificate.

So what’s the general idea of SSL? You want certain pages to be served over an encrypted connection. The most feasible solution is SSL, which encrypts the data by default using 128-bit encryption. Still pretty strong these days, although I won’t be surprised if we move to 256-bit somewhere in 2010. There are several traditional vendors who deliver certificates, in the Netherlands for example KPN. All register their certificates at VeriSign, a party that takes care of the strength of the encryption and the validation of newly created certificates.

Afterwards you have to integrate it into Sitecore. A very simple solution is to decide per item whether you want to serve the constructed page over SSL or not. The Shared Source component takes care of that part.

Now the infrastructure / OS ‘issue’. It seems, for several reasons, that running certificates on the web application software (IIS) is very expensive. Combining encryption with page rendering is possible in every internet server (Apache, Tomcat, IIS, etc.), but all have significant disadvantages when it comes to delivery.

I often suggest using a network-based solution instead. These days, routers, load balancers and switches can handle HTTPS/SSL for you. As these machines are designed for passing TCP/IP packets through, they can easily encrypt them. Besides that, when you run into scale-out scenarios, you don’t have to manage your certificates in multiple places.

Here’s a simple diagram:

[Diagram: SSL Executor]

In this case the SSL Executor is a reverse proxy, but it can also be a firewall or another network interface.
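When the SSL Executor terminates the encrypted connection, the web server behind it only ever sees plain HTTP, so a per-item "requires SSL" check has to learn the visitor's real scheme from the proxy or it will redirect forever. The sketch below is an added example, not code from the Shared Source module; it assumes the proxy overwrites an `X-Forwarded-Proto` header, and the subnet, host name and function names are hypothetical.

```python
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values (assumptions, not from the original post):
# the subnet the SSL Executor sits in, and the site's canonical host name.
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]
CANONICAL_HOST = "www.example.com"


def effective_scheme(peer_ip: str, socket_scheme: str, headers: dict) -> str:
    """Scheme the visitor used, as seen from behind the TLS-terminating proxy."""
    peer = ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_PROXIES):
        lowered = {k.lower(): v for k, v in headers.items()}
        proto = lowered.get("x-forwarded-proto", "").strip().lower()
        # Accept only a single clean value; a list or junk is ignored.
        if proto in ("http", "https"):
            return proto
    # Header absent, malformed, or sent by an untrusted peer: fall back to
    # what the web server itself observed on the socket.
    return socket_scheme


def ssl_redirect(item_requires_ssl: bool, peer_ip: str, socket_scheme: str,
                 headers: dict, path: str) -> Optional[str]:
    """Return the HTTPS URL to redirect to, or None if no redirect is needed."""
    if not item_requires_ssl:
        return None
    if effective_scheme(peer_ip, socket_scheme, headers) == "https":
        return None  # already encrypted up to the proxy: no redirect loop
    # Build the target from the configured host, not the request's Host header.
    return f"https://{CANONICAL_HOST}{path}"
```

Trusting the header only from the proxy's own addresses matters: otherwise a client that reaches the web server directly could claim `https` and receive a protected item over plain HTTP.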

Hope this helped. 🙂

Note: This is a post written out of my experience as an architect in many projects. I’m generally involved in Sitecore projects, but I rarely get the opportunity to ‘work’ a little outside of this boxed environment. Often these high-level problems arise in projects where Sitecore is involved, but also in other projects. It’s never my intention to blame a vendor, although I might point out some weaknesses.

Microsoft: Maybe the solution for a lot of your problems?

I just figured out that when starting programs in my newly installed Windows 7 installation, I’m always searching for the name of the program. For those who are not familiar with ‘searching in the Start menu’, please have a look at the screenshot below and look particularly at the search box.

[Screenshot: Windows 7 Start menu]

When I search for ‘Internet Explorer’ I’ll get my standard browser: IE. Searching for ‘Mozilla’ will return the browser I use for mail and feed reading (all Google).

Why am I searching for Internet Explorer or Mozilla, and not for ‘Browser’ or ‘Internet’? I can rely on the icon to decide which one to choose. It will save me a bunch of irrelevant names to remember but, more importantly, it is more intuitive. It will also move the discussion away from what kind of browser you’re using. Create a simple dialog which allows you to download a couple of browsers associated with it. It is more logical and less vendor-specific. I think it will be the solution for the discussion about bundling IE with Windows as well!