Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X
Hi,
I'm looking for an example or other resource to assist with configuring client certificate authentication in Java. Several pages of the Edge Help Center/Java SDK Developer's guide refer to client authentication as a supported feature, but I don't see any examples for configuring this. The procedure is apparently different than with the .NET SDK, as the Java ClientConfigurator does not seem to have methods for ClientCertFileInfo/ServerCertFileInfo as the .NET ClientConfigurator does. If anyone could point me to an example or documentation that explains how to select a client certificate file for securing the connection to Thingworx, I would appreciate it greatly. In fact - and I'm guessing this is similar - it would be helpful to get an example for setting the truststore on the client for validating the server SSL certificate as well. I realize I can do this through the JRE cacerts truststore but I don't want to alter the machine-wide configuration if possible. Thanks!
Solved! Go to Solution.
Ah, thanks; I had looked at that whole section but left that out of the list. HOWEVER, looking at this page more closely DID lead me to the solution! Noting that the steps there include setting the javax.net.ssl.trustStore property, I was able to authenticate the client by setting the corresponding keyStore system properties:
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", "C:/...");
System.setProperty("javax.net.ssl.keyStorePassword", "12341234");
I was so focused on setting this through the SDK that using the system properties didn't occur to me before. I believe it may be helpful to include these settings in future versions of the "Setting Up SSL/TLS Certificates" instructions you linked. Thanks to everyone for the assistance!
Are you looking for this ("http://support.ptc.com/cs/help/thingworx_hc/thingworx_edge/index.jspx?id=thingworx1103&action=show")?
Thanks for the reply, but I don't think I am. I'm not sure if you meant to link to a specific page in the help center - the link is just loading the index - but I haven't been able to find what I need in there. Several pages in the Java SDK section, particularly in the "Security for Edge SDK Applications" subsection, refer to client authentication but do not explain how to configure the client application to support this. I expected to find a method on the ClientConfigurator class like "setClientCertificateFile" - the .NET ClientConfigurator seems to have a method for this, but as far as I can tell the Java version doesn't. The pages I've found that discuss the ClientConfigurator and client auth are:
Connecting an Application to the Thingworx Platform
Running the SimpleThingClient Application
Validation of SSL/TLS Certificates
Along with the PTC support guides mentioned by Sushant, I believe I have all the pieces of a working demo with client auth except for configuring the client to send a certificate. I'm not sure if I need a specific SDK version, if I need to look at a different part of the client application/jvm configuration, if I'm overlooking something, or if this isn't actually supported in Java.
Again, thank you very much for the reply and the link.
Did you look at the Setting Up SSL/TLS Certificates section? That may help.
Meghan
Ah, thanks; I had looked at that whole section but left that out of the list. HOWEVER, looking at this page more closely DID lead me to the solution! Noting that the steps there include setting the javax.net.ssl.trustStore property, I was able to authenticate the client by setting the corresponding keyStore system properties:
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", "C:/...");
System.setProperty("javax.net.ssl.keyStorePassword", "12341234");
I was so focused on setting this through the SDK that using the system properties didn't occur to me before. I believe it may be helpful to include these settings in future versions of the "Setting Up SSL/TLS Certificates" instructions you linked. Thanks to everyone for the assistance!
Hi JD, do you have access to the support.ptc.com? If you have you can access the following articles with examples
Hope this helps.
Thanks for the reply! I have already set up the Tomcat server for client certificate auth and confirmed that it works as expected with other clients. What I'm looking for is how to configure the Java Edge SDK (on the client side) to send a client certificate when connecting to the Thingworx Server.
Hi JD Kilgallin Yes configuring client certificate authentication in Java is possible . You would need to develop your own Authentication extension by extending the Custom Authentication provided by Thingworx.
Please let me know if this is what you are looking for . I can help you with this.
Thanks, I just found what I need from Meghan's comment. Are you referring to the "Authenticator" extensions on the platform? My understanding is that these aren't used to authenticate IoT devices, only users accessing the web interface, correct? A custom authenticator for device connections is something I'm looking to implement, so I would be very interested if you have information on that. Thanks again!
Ravi,
You do not use an authentication extension to do this. That is strictly for platform authentication, not the Java SDK.
Meghan
Meghan Hollenbach Thank you for clarification on this. Probably , this was the reason why I asked about my understanding about the Problem statement from JD Kilgallin.
Thanks once again.