Sitecore and SSL

As a Solution Architect in Sitecore you often get request ‘howto do SSL in Sitecore’. Beside of our great Shared Source SSL module, you’ve to do something on configuring the network/OS level to register the certificate.

So what’s the general idea of SSL? You want to have certain pages to execute over an encrypted connection. The most feasible solution is SSL which encrypts the data by default using a 128bit encryption. Still pretty strong these days, although I won’t be surprised if we move to 256bit somewhere in 2010. There are several traditional vendors who deliver certificates. In the Netherlands for example KPN. All register their certificates at VeriSign, a party who does take care of the strength of the encryption and the validation of newly created certificates.

Afterwards you’ve to integrate it into Sitecore. A very simple solution is to decide per item if you want to run the constructed page on SSL or not. The Shared Source component takes care of that part.

Now the infrastructure / OS ‘issue’. It seems for a several reasons that running certificates on the web application software(IIS) is very expensive. Combining encryption with page rendering is always possible in every internet server(Apache, Tomcat, IIS, etc), but all have significant disadvantages when it comes to delivery.

I often suggest to rather use a network based solution. These days’ routers, load balancers and switches have the possibility to handle https/ssl for you. As these machines are designed for passing TCP/IP packages thru, they can easily encrypt them. Beside of that, when you run into out scaling scenarios, you don’t have to manage your certificates on multiple places.

Here’s a simple diagram:

SSL Executor

In this case the SSL Executor is a Reversed Proxy, but it can also be a firewall or other network interface.

Hope this helped. 🙂

Note: This is a post written out of my experience as an architect in many projects. I’m involved in general in Sitecore projects, but rarely I’ve got the opportunity to ‘work’ a little outside of this boxed environment. Often these high level problems arise in project where Sitecore is involved but also in other projects. It’s never my intention to blame a vendor, although I might point out some weaknesses.

3 thoughts on “Sitecore and SSL”

  1. Alexia,

    can I display a sitecore website (display only) on an Apache web server running on a linux machine?
    Sitecore may be pure ASP .NET, but I have an apache http server, can’t I just configure the Sitecore CMS app to render its webpages to an apache running on a linux?
    Or does the web server also need .NET an some application server stuff?

    Many thanks for any help, I really need it

    Best regards,
    Rahul Mahboobani

  2. Hi Alex,
    is it possible to implement SSL encrypted mail delivery? In Sitecore you can define the host gateway, how can this be expanded with SSL encryption?
    Thanks a lot for your help,
    Benjamin

Comments are closed.