Replace the CA_ALIAS with some identifying string like MyPrivateCertificateAuthority. It did not appear to care about the CA_ALIAS value used.
Replace path/to/truststore to point to the file that already exists or you want to create.
Replace path/to/TrustStore with the pathname of the file you created / updated with keytool above.
Replace xxxx with whatever password you used in the keytool command above.
Hi, I am able to perform the steps till the 7th point. I didn't find any key store where I can put the ca_cert file path. So where can I find the Keystore in ThingWorx's Dashboard?
Sushant, I am doing all the steps on the web portal of ThingWorx, so please tell me how I can use Java's keytool for that.
If your ThingWorx Tomcat instance is secured, look at the conf/server.xml file to see where it gets its cert or keystore files from. If they are text files, then you can reference those files from the exact same locations. If they are binary files, you have to use keytool and/or openssl commands to extract the cert and key files from that binary (see appsec - How can I export my private key from a Java Keytool keystore? - Information Security Stack ...). Put the extracted files anywhere you'd like that is not visible to any web server and reference them from there. I see no problem with leaving the extracted key and cert files in the same directory with the keystore files.
I haven't installed Foundation Server on my local machine; I am using the ThingWorx server provided on the web portal. So do I need to install ThingWorx's Foundation Server locally or on the cloud to make the above changes (from step no. 8)?
Hi, I followed the steps you suggested, but I am still unable to connect to the Broker. I see the following logs in the broker log file:
1480508847: OpenSSL Error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
1480508847: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1480508847: Socket error on client <unknown>, disconnecting.
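As an added example that is not part of the original thread: a small Python decoder for the "OpenSSL Error" lines quoted above, showing which side raised the TLS alert. It assumes the OpenSSL 1.x error-code layout (8-bit library, 12-bit function, 12-bit reason, with reason = 1000 + alert number for alerts received from the peer); the function names and the sample constant are hypothetical.

```python
import re

# Constructed sample: the three broker log lines quoted in the post above.
SAMPLE_LOG = """\
1480508847: OpenSSL Error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
1480508847: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1480508847: Socket error on client <unknown>, disconnecting.
"""

# TLS alert descriptions (RFC 5246 section 7.2) relevant to handshake/certificate problems.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
CERT_ALERTS = {42, 43, 44, 45, 46, 48}
ALERT_OFFSET = 1000  # assumption: OpenSSL 1.x reports a received alert as reason 1000 + alert

LINE_RE = re.compile(r"^(\d+): OpenSSL Error: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")

def decode_line(line):
    """Return a dict for an 'OpenSSL Error' log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, code_hex, _lib_name, func_name, text = m.groups()
    code = int(code_hex, 16)
    reason = code & 0xFFF  # low 12 bits
    alert = reason - ALERT_OFFSET if reason >= ALERT_OFFSET else None
    return {
        "timestamp": int(ts), "lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
        "func_name": func_name, "reason": reason, "peer_alert": alert,
        "alert_name": TLS_ALERTS.get(alert), "text": text,
    }

def peer_rejected_certificate(log_text):
    """True if any line records a certificate-related alert sent by the connecting peer."""
    decoded = filter(None, map(decode_line, log_text.splitlines()))
    return any(d["peer_alert"] in CERT_ALERTS for d in decoded)

if __name__ == "__main__":
    for entry in filter(None, map(decode_line, SAMPLE_LOG.splitlines())):
        print(entry)
    print("peer sent a certificate alert:", peer_rejected_certificate(SAMPLE_LOG))
```

A `peer_alert` of 46 means the broker read a certificate_unknown alert sent by the connecting client, which is the side whose trust store is configured with the keytool steps above.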
Did you change your connection string from mqtt://system:port or tcp://system:port to ssl://system:port? If you don't do that, you're not using the right protocol to establish the secure connection. The errors you got are basically the same as you'd see if you connect to an https server using http protocol.
It's not a file - it's how your client code references the MQTT server. You have to be specifying something like mqtt://server:port or tcp://server:port and with a secure server, you have to specify the connection as ssl://server:port.
So find your connection string in your client code or config file and update it appropriately.