1-Visitor
October 9, 2016
Solved

Client certificate authentication in Java


Hi,

I'm looking for an example or other resource to assist with configuring client certificate authentication in Java. Several pages of the Edge Help Center/Java SDK Developer's guide refer to client authentication as a supported feature, but I don't see any examples for configuring this. The procedure is apparently different than with the .NET SDK, as the Java ClientConfigurator does not seem to have methods for ClientCertFileInfo/ServerCertFileInfo as the .NET ClientConfigurator does. If anyone could point me to an example or documentation that explains how to select a client certificate file for securing the connection to Thingworx, I would appreciate it greatly. In fact - and I'm guessing this is similar - it would be helpful to get an example for setting the truststore on the client for validating the server SSL certificate as well. I realize I can do this through the JRE cacerts truststore but I don't want to alter the machine-wide configuration if possible. Thanks!

Best answer by jkilgallin

Ah, thanks; I had looked at that whole section but left that out of the list. HOWEVER, looking at this page more closely DID lead me to the solution! Noting that the steps there include setting the javax.net.ssl.trustStore property, I was able to authenticate the client by setting the corresponding keyStore system properties:

    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
    System.setProperty("javax.net.ssl.keyStore", "C:/...");
    System.setProperty("javax.net.ssl.keyStorePassword", "12341234");

I was so focused on setting this through the SDK that using the system properties didn't occur to me before. I believe it may be helpful to include these settings in future versions of the "Setting Up SSL/TLS Certificates" instructions you linked. Thanks to everyone for the assistance!
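An added example, not part of the original post or of the PTC SDK: it applies the keyStore properties from the accepted answer together with a process-local trustStore (the second thing the question asked for), after checking that the client store really contains a private-key entry with a currently valid certificate. It assumes both stores are PKCS#12 files and that the SDK uses the JVM's default SSL context, as the answer reports; the class name and the two environment variable names are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*; // Certificate, X509Certificate
import java.util.Collections;

public class ClientCertSetup {
    /** Checks that the PKCS#12 file holds a usable client identity, then sets the JSSE properties. */
    static String configure(Path keyStore, char[] keyPass, Path trustStore, char[] trustPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keyStore)) {
            ks.load(in, keyPass); // throws IOException on a wrong password or corrupt file
        }
        String identity = null;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            // Only an entry with a private key can answer the server's certificate request.
            if (identity == null && ks.isKeyEntry(alias) && cert instanceof X509Certificate) {
                ((X509Certificate) cert).checkValidity(); // throws if expired or not yet valid
                identity = alias;
            }
        }
        if (identity == null) {
            throw new IllegalStateException("no private-key entry in " + keyStore);
        }
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.keyStore", keyStore.toString());
        System.setProperty("javax.net.ssl.keyStorePassword", new String(keyPass));
        // Process-local trust store: the JRE-wide cacerts file is left untouched.
        System.setProperty("javax.net.ssl.trustStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.trustStore", trustStore.toString());
        System.setProperty("javax.net.ssl.trustStorePassword", new String(trustPass));
        return identity;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names (assumption); passwords stay out of the source code.
        String keyPass = System.getenv("EDGE_KEYSTORE_PASSWORD");
        String trustPass = System.getenv("EDGE_TRUSTSTORE_PASSWORD");
        if (args.length != 2 || keyPass == null || trustPass == null) {
            throw new IllegalArgumentException("need <client.p12> <truststore.p12> and both passwords");
        }
        System.out.println("client identity: " + configure(Paths.get(args[0]),
                keyPass.toCharArray(), Paths.get(args[1]), trustPass.toCharArray()));
        // The JVM reads these properties when its default SSLContext is first created,
        // so call configure() before the first TLS connection is opened.
    }
}
```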

4 replies

5-Regular Member
October 11, 2016
1-Visitor
October 11, 2016

Thanks for the reply, but I don't think I am. I'm not sure if you meant to link to a specific page in the help center - the link is just loading the index - but I haven't been able to find what I need in there. Several pages in the Java SDK section, particularly in the "Security for Edge SDK Applications" subsection, refer to client authentication but do not explain how to configure the client application to support this. I expected to find a method on the ClientConfigurator class like "setClientCertificateFile" - the .NET ClientConfigurator seems to have a method for this, but as far as I can tell the Java version doesn't. The pages I've found that discuss the ClientConfigurator and client auth are:

Connecting an Application to the Thingworx Platform

Running the SimpleThingClient Application

ClientConfigurator Class

About the SSL/TLS Protocol

Certificates Required

Validation of SSL/TLS Certificates

Along with the PTC support guides mentioned by Sushant, I believe I have all the pieces of a working demo with client auth except for configuring the client to send a certificate. I'm not sure if I need a specific SDK version, if I need to look at a different part of the client application/jvm configuration, if I'm overlooking something, or if this isn't actually supported in Java.

Again, thank you very much for the reply and the link.

5-Regular Member
October 11, 2016

Did you look at the Setting Up SSL/TLS Certificates section? That may help.

Meghan

5-Regular Member
October 11, 2016

Hi JD, do you have access to support.ptc.com? If you do, you can access the following articles with examples:

  1. ThingWorx setup SSL / HTTPS on Tomcat with Self-Signed Certificate
  2. Configuring ThingWorx / Tomcat for SSL using a Signed Certificate from a Certificate Authority (CA)

Hope this helps.

1-Visitor
October 11, 2016

Thanks for the reply! I have already set up the Tomcat server for client certificate auth and confirmed that it works as expected with other clients. What I'm looking for is how to configure the Java Edge SDK (on the client side) to send a client certificate when connecting to the Thingworx Server.

1-Visitor
October 11, 2016

Hi JD Kilgallin, yes, configuring client certificate authentication in Java is possible. You would need to develop your own Authentication extension by extending the Custom Authentication provided by Thingworx.

Please let me know if this is what you are looking for. I can help you with this.

1-Visitor
October 11, 2016

Thanks, I just found what I need from Meghan's comment. Are you referring to the "Authenticator" extensions on the platform? My understanding is that these aren't used to authenticate IoT devices, only users accessing the web interface, correct? A custom authenticator for device connections is something I'm looking to implement, so I would be very interested if you have information on that. Thanks again!

1-Visitor
October 12, 2016

Meghan Hollenbach, thank you for the clarification on this. Probably, this was the reason why I asked about my understanding of the problem statement from JD Kilgallin.

Thanks once again.