Sitecore Experience Commerce

Certificate authentication

Certificate authentication is used for systems going through Commerce Engine (CE) Connect, like the SXA Storefront.

The caller must provide a header named X-ARR-ClientCert in the request headers with valid certificate information. The expected certificate information (i.e., issuer, thumbprint) is stored in the Commerce Engine config.json file. The same thumbprint must be stored in the CE Connect configuration file - Sitecore.Commerce.Engine.config.

The following is a sample of the certificate section in the Sitecore.Commerce.Engine configuration file:

"Certificates": {
              "Certificates": [
             {
              "Subject": "CN=storefront.engine",
              "IssuerCN": "CN=storefront.engine",
              "Thumbprint": "F1D8349D784BF672B99103C1C204A57556DD263A"
             }
             ]
       }