These instructions are for a Sitecore 9.0.1 XP1 topology on Azure.
xConnect requires client certificates. In Azure these certificates are called private certificates. Because they expire, they have to be replaced.
To make life easier I will describe this process in the 5 steps below:
Step 1 Upload the new certificate (pfx) to Azure using ARM template or portal.
Step 2 Get the thumbprint of the new certificate using PowerShell or the portal:
[code language="powershell"]
# List all certificates uploaded to the resource group
$ResourceGroupName = "resourcegroup"
Get-AzureRmWebAppCertificate -ResourceGroupName $ResourceGroupName
[/code]
When there are multiple certificates, check the name of the new certificate and assign it to the $authCertificateName variable below.
[code language="powershell"]
# Select the new certificate by name and return only its thumbprint
$authCertificateName = "newuploadedcertificatename"
(Get-AzureRmWebAppCertificate -ResourceGroupName $ResourceGroupName | Where-Object { $_.Name -eq $authCertificateName }).Thumbprint
[/code]
The thumbprint for the new certificate will be used in all configurable items described below.
Step 3: App_Config\AppSettings.config
Change the value for the validateCertificateThumbprint key to the new thumbprint for the following roles:
- xConnect Collection (xc-collect)
- Marketing Automation Operations (ma-ops)
- Marketing Automation Reporting (ma-rep)
- xConnect Reference Data (xc-refdata)
- xConnect Search Service (xc-search)
Note that for the “Marketing Automation Operations (ma-ops)” role there is a webjob, that can be found here: “\App_Data\jobs\continuous\AutomationEngine\App_Config” - change your thumbprint in the corresponding connectionstrings.config there as well.
Step 4 App_Config\Connectionstrings.config
Change the thumbprint(s) within the connectionstrings.config for the following roles:
- Content Delivery
  - xconnect.collection.certificate
  - xdb.referencedata.client.certificate
  - xdb.marketingautomation.operations.client.certificate
- Content Management
  - xconnect.collection.certificate
  - xdb.referencedata.client.certificate
  - xdb.marketingautomation.reporting.client.certificate
  - xdb.marketingautomation.operations.client.certificate
- Email Experience Manager - Dedicated Delivery Service
  - xconnect.collection.certificate
  - xdb.referencedata.client.certificate
  - xdb.marketingautomation.reporting.client.certificate
  - xdb.marketingautomation.operations.client.certificate
- Marketing Automation Operations
  - xconnect.collection.certificate
- Processing
  - xconnect.collection.certificate
Step 5 App Settings Azure App Services
Within the Azure App Service Application Settings you should define the new thumbprint as well. This needs to be done for the following server role services:
- Content Delivery
- Content Management
- Email Experience Manager - Dedicated Delivery Service
- Marketing Automation Operations
- Marketing Automation Reporting
- Processing

Change the app setting: WEBSITE_LOAD_CERTIFICATES -> VALUEOFNEWTHUMBPRINT
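A check to run over the config files edited in Steps 3 and 4, as an added example that is not part of the original instructions or of Sitecore: it lists every thumbprint reference and flags entries that still hold another value or that contain stray characters such as spaces picked up while copying. The function name Get-ThumbprintReference, the FindValue=... connection string layout, the 40-hex-character thumbprint length and the sample folder are assumptions made for this illustration.

```powershell
# Added example, not Sitecore code. Thumbprints and config files below are constructed samples.
$NewThumbprint = 'A' * 40   # placeholder for the thumbprint from Step 2
$OldThumbprint = 'B' * 40   # placeholder for the expiring certificate

function Get-ThumbprintReference {
    # Reports every certificate thumbprint under $Path and how it compares with $Expected.
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Expected)
    $files = Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $_.Name -in 'ConnectionStrings.config', 'AppSettings.config' }
    foreach ($file in $files) {
        $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw)
        $found = @()
        # Connection strings carry the thumbprint in the FindValue=... token (assumed layout).
        foreach ($node in $xml.SelectNodes('//connectionStrings/add')) {
            if ($node.GetAttribute('connectionString') -match 'FindValue=([^;]*)') {
                $found += [pscustomobject]@{ Setting = $node.GetAttribute('name'); Value = $Matches[1] }
            }
        }
        # The xConnect roles hold the expected client thumbprint in this appSettings key.
        foreach ($node in $xml.SelectNodes('//appSettings/add[@key="validateCertificateThumbprint"]')) {
            $found += [pscustomobject]@{ Setting = $node.GetAttribute('key'); Value = $node.GetAttribute('value') }
        }
        foreach ($item in $found) {
            # Malformed: spaces, hidden characters or wrong length. -ne compares case-insensitively.
            $status = if ($item.Value -notmatch '^[0-9A-Fa-f]{40}$') { 'Malformed' }
                      elseif ($item.Value -ne $Expected) { 'Stale' } else { 'OK' }
            [pscustomobject]@{ Status = $status; Setting = $item.Setting; File = $file.FullName }
        }
    }
}

# Constructed sample folder: one entry still has the old value, one has a trailing space.
$cfg = New-Item -ItemType Directory -Force -Path (Join-Path ([IO.Path]::GetTempPath()) 'xc-cert-check/App_Config')
$fmt = 'StoreName=My;StoreLocation=CurrentUser;FindType=FindByThumbprint;FindValue={0}'
@"
<connectionStrings>
  <add name="xconnect.collection.certificate" connectionString="$($fmt -f $NewThumbprint)" />
  <add name="xdb.referencedata.client.certificate" connectionString="$($fmt -f $OldThumbprint)" />
  <add name="xdb.marketingautomation.operations.client.certificate" connectionString="$($fmt -f ($NewThumbprint + ' '))" />
</connectionStrings>
"@ | Set-Content -LiteralPath (Join-Path $cfg.FullName 'ConnectionStrings.config')
@"
<appSettings><add key="validateCertificateThumbprint" value="$NewThumbprint" /></appSettings>
"@ | Set-Content -LiteralPath (Join-Path $cfg.FullName 'AppSettings.config')

Get-ThumbprintReference -Path $cfg.FullName -Expected $NewThumbprint | Format-Table -AutoSize
```

Point -Path at a copy of each role's site folder so the recursive search also reaches the AutomationEngine webjob config mentioned in Step 3.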
Errors and warnings that you will or might notice while the certificate and/or configuration has not been set correctly:
WARN Could not load device ‘xxx-xxx-xxxx-xxxx’ from the device dictionary. Message: Ensure definition type did not complete successfully. StatusCode: 401, ReasonPhrase: ‘Invalid certificate’, Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
ERROR Cannot process ‘ProcessSubscriptions’ processor because of internal error Message: Ensure definition type did not complete successfully. StatusCode: 401, ReasonPhrase: ‘Invalid certificate’, Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
ERROR Cannot start analytics Tracker Ensure definition type did not complete successfully. StatusCode: 401, ReasonPhrase: ‘Invalid certificate’, Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
ERROR Cannot process ‘ProcessSubscriptions’ processor because of internal error Message: The certificate was not found