Skip to main content

Enforce HTTPS for Experience Platform service roles

Abstract

How to enforce HTTPS for clients connecting to a Sitecore XP Services role with a web end point.

Applies to

All XP service roles

Sitecore Installation Framework

HTTPS is enforced by default.

Azure Toolkit

HTTPS is enforced by default.

To enforce HTTPS for any client connecting to an XP service role with a web end point:

  • Open the C:\<Path to xConnect>\App_data\config\sitecore\CoreServices and ensure that the following configuration files are available:

    • sc.XConnect.Security.EnforceSSL.xml

    • sc.XConnect.Security.EnforceSSLWithCertificateValidation.xml

Note

HTTPS is enforced by default. To allow HTTP in a development environment, disable or delete the configuration files in this topic. This is not recommended in a production environment.