Using an SSL Offloader for Performance Improvement

When securing communication channels in a commerce deployment with secure socket layer (SSL), the use of SSL offloading in front of the presentation tier is recommended to minimize the negative performance impact that SSL can have on your e-commerce solution.

The following information provides guidance to help you configure an SSL offloading port on the presentation tier to work with an SSL offloader. Examples in the following procedures are based on the Microsoft SharePoint 2010 Solution Storefront site.

Configuring SSL Offloading for Performance Improvement

To configure the Web application to work with an SSL offloader

  1. Configure the Web application to require SSL encryption. In the Web.config file, locate the element that contains the SecurePageSettings. Enable SSL and specify the hostname and port number to use for secure and unsecure connections respectively. In the following example, port 8190 is used for secure connections. Port 80 is used for unsecure connections to the site:

    <SecurePageSettings requireSsl="true" nonSecureHostName="siteHostName" nonSecurePort="80" secureHostName="siteHostName" securePort="443" sslOffloadPort="8190">
    
  2. Update the Commerce Foundation service endpoint to specify the address of the non secure hostname (configured in the previous step):

    <endpoint name="Foundation_ddbe7cae-94e0-4c14-8e7f-7070f8cf5211_Internet" address="http://<siteHostName>/Foundation/foundationservice.svc" binding="wsHttpBinding" contract="Microsoft.Commerce.IOperationService" />
    
  3. Make sure that the base address of the service hosting environment specifies the URL prefix of your Web site, as shown in the following example:

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true">
       <baseAddressPrefixFilters>
          <add prefix="http://<siteHostName>"/>
       </baseAddressPrefixFilters>
    </serviceHostingEnvironment>
    

In the STS Web.config file, update the address of the client endpoint to match the service endpoint configured for the non secure host.

To specify the Commerce Foundation endpoint name and address on the STS Web.config

  • In the STS Web.config file, configure the Commerce Foundation client endpoint name and address to be the same as the one specified in the Web application Web.config file:

    <endpoint name="Foundation_ddbe7cae-94e0-4c14-8e7f-7070f8cf5211_Internet" address="http://<siteHostName>/Foundation/foundationservice.svc" binding="wsHttpBinding" contract="Microsoft.Commerce.IOperationService" />
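
One way to confirm that the two Web.config files agree after the steps above, as an added example (not Microsoft's code). The function names, the host name shop.example.test and the simplified sample layout are assumptions; the checker looks elements up by name wherever they sit in the file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

CONTRACT = "Microsoft.Commerce.IOperationService"

def foundation_endpoints(root):
    """Map endpoint name -> address for Commerce Foundation endpoints."""
    return {e.get("name"): e.get("address", "")
            for e in root.iter("endpoint") if e.get("contract") == CONTRACT}

def check_offload_config(web_xml, sts_xml):
    """Return a list of findings; an empty list means the two files agree."""
    web, sts = ET.fromstring(web_xml), ET.fromstring(sts_xml)
    sps = next(web.iter("SecurePageSettings"), None)
    if sps is None:
        return ["SecurePageSettings element not found"]
    findings = []
    # Step 1: SSL must be required and an offload port declared.
    if sps.get("requireSsl", "").lower() != "true":
        findings.append("requireSsl is not true")
    if not sps.get("sslOffloadPort"):
        findings.append("sslOffloadPort is not set")
    host = sps.get("nonSecureHostName", "").lower()
    prefixes = {a.get("prefix", "").rstrip("/").lower()
                for f in web.iter("baseAddressPrefixFilters") for a in f.iter("add")}
    sts_eps = foundation_endpoints(sts)
    # Steps 2-3 and the STS step: endpoint, prefix filter and STS copy must agree.
    for name, addr in foundation_endpoints(web).items():
        url = urlsplit(addr)
        if url.scheme != "http" or (url.hostname or "") != host:
            findings.append(f"{name}: address is not http://{host}/...")
        if f"{url.scheme}://{url.netloc}".lower() not in prefixes:
            findings.append(f"{name}: no matching baseAddressPrefixFilters prefix")
        if sts_eps.get(name) != addr:
            findings.append(f"{name}: STS endpoint missing or address differs")
    return findings

def sample(addr, prefix="http://shop.example.test"):
    """Constructed, simplified Web.config; shop.example.test is a placeholder."""
    return f"""<configuration>
  <SecurePageSettings requireSsl="true" nonSecureHostName="shop.example.test" nonSecurePort="80"
      secureHostName="shop.example.test" securePort="443" sslOffloadPort="8190" />
  <endpoint name="Foundation_Internet" address="{addr}" contract="{CONTRACT}" />
  <baseAddressPrefixFilters><add prefix="{prefix}"/></baseAddressPrefixFilters>
</configuration>"""

GOOD = "http://shop.example.test/Foundation/foundationservice.svc"
if __name__ == "__main__":
    print(check_offload_config(sample(GOOD), sample(GOOD)))
```

Pass the contents of the Web application Web.config and the STS Web.config as the two arguments; each returned string names one setting that is out of step.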
    

In IIS, configure the ports on the Internet zone of the Web site to use HTTP bindings.

To configure HTTP binding and alternate access mapping

  • Use IIS Manager to configure HTTP bindings for both the nonsecure port (url:port) and the ssloffload port (url:port).

    For detailed information about how to configure binding using IIS Manager, see https://go.microsoft.com/fwlink/?LinkId=212262

In SharePoint 2010, configure alternate access mapping.

To configure alternate access mapping in SharePoint 2010

  • Configure the following alternate access mappings:

    Important Note:

    Make sure the non secure URL is the main URL for the Internet zone.

    1. Add the HTTPS URL as an internal address of the Internet zone.

    2. Add the HTTP URL with the SSL offload port as an internal URL of the Internet zone.

    For example:

    | Internal URL | Zone | Public URL for zone |
    |---|---|---|
    | http://<siteHostName> | Internet | http://<siteHostName> |
    | https://<siteHostName> | Internet | http://<siteHostName> |
    | http://<siteHostName>:8090 | Internet | http://<siteHostName> |

    For detailed information about configuring alternate access mapping in SharePoint 2010, see https://go.microsoft.com/fwlink/?LinkId=212263