Recently I was working on an Experience Manager installation where the pre-dev application (XPM enabled) had a SSL certificate installed. When we installed Experience Manager and tried firing it up for the first time we notice that all our scripts were being blocked. The error in the console told us that we were trying to load scripts from unauthenticated sources; AH – we were trying to load the XPM bootstrap javascript file from an HTTPS site, while the CM was just communicating over HTTP.

Simple enough; we installed a self-signed certificate and the script was able to be loaded without us having to disable the authentication check via the Chrome settings. However, when we loaded XPM we were getting an error that the following WS call was returning a 404 when we tried to open XPM – disabling the interface:


I’ve seen errors similar to this before when opening XPM – and the typical remedy was to restart the CM (IIS included), however no dice this time around. The next step was to  check the Windows Event Viewer Application logs, but no errors were being logged. Hmmm. I decided to start poking around the SiteEdit folders to check if there was some setting we had missed when installed the certificate, so I happened upon the Web.config file for SiteEdit at ‘Tridion\web\WebUI\Models\SiteEdit’.


The same should be done to the Web.config file located at : ‘%TRIDION_HOME%\web\WebUI\Editors\DevicePreview\Web.config’.

After I uncommented this section and restarted the CM, everything was back to normal. As a final note; if you’re trying to validate the XPM installation and are blocked by waiting for the installation of the certificate, you can actually disable Chromes security checks to block scripts over different protocols via the following:

blocked content Chrome

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>