Enabling HTTPS between Sitecore Commerce Transaction Service and Reference Storefront Site


Description

In Sitecore Commerce powered by Microsoft Dynamics 8.0 Update-1, the transaction service uses HTTPS protocol for some functionalities.

Follow the steps below to fully enable SSL communication if this is necessary.

Solution

On the Transaction Service side:

  1. In the \Website\TransactionService\web.config file (in below example, it assumes the transaction service is deployed under a Sitecore website), change 
    <binding name="wsSoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:20:00" sendTimeout="00:20:00" maxBufferPoolSize="10485760" maxReceivedMessageSize="1048576" messageEncoding="Text" textEncoding="utf-16" useDefaultWebProxy="true">
  <readerQuotas maxStringContentLength="1048576" maxBytesPerRead="1048576" />
  <security mode="None">
    <message clientCredentialType="Windows" negotiateServiceCredential="false" algorithmSuite="Default" establishSecurityContext="false" />
  </security>
</binding>
    to 
    <binding name="wsSoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:20:00" sendTimeout="00:20:00" maxBufferPoolSize="10485760" maxReceivedMessageSize="1048576" messageEncoding="Text" textEncoding="utf-16" useDefaultWebProxy="true">
  <readerQuotas maxStringContentLength="1048576" maxBytesPerRead="1048576" />
  <security mode="Transport">
    <transport clientCredentialType="None"/>
  </security>
</binding>
  2. For each service under the <services>, change 
    <endpoint binding="mexHttpBinding" address="mex" contract="IMetadataExchange" />
    to 
    <endpoint binding="mexHttpsBinding" address="mex" contract="IMetadataExchange" />
  3. In the IIS Manager, go to AXRefStorefront -> TransactionService and select SSL Settings in the Feature view. Enable the Require SSL option.
    Refresh the site and navigate to some service using https. For example:
    https://ax.reference.storefront.com/TransactionService/CheckoutService.svc

    Make sure that the service is working. Most likely you will see the notification that your certificate is not trusted. If so, install the certificate to the "Trusted Root Certification Authorities". You can do if from the web browser by choosing the location to the Trusted root, or from the Microsoft Management Console.

On the client side:

  1. In the \Website\App_Config\DynamicsRetail.Connectors.Services.config file, change: 
    <wsHttpBinding>
  <binding name="wsBinding"  maxReceivedMessageSize="2147483647">
    <security mode="None">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
      <message clientCredentialType="Windows" negotiateServiceCredential="false" algorithmSuite="Default" establishSecurityContext="false" />
    </security>
  </binding>
</wsHttpBinding>
    to 
    <wsHttpBinding>
  <binding name="wsBinding"  maxReceivedMessageSize="2147483647">
    <security mode="Transport">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
      <message clientCredentialType="Windows" negotiateServiceCredential="false" algorithmSuite="Default" establishSecurityContext="false" />
    </security>
  </binding>
</wsHttpBinding>
  2. For all endpoints, change 
    <endpoint address="http
    to 
    <endpoint address="https