I'm trying to connect my .NET agent to Thingworx using a secure websocket connection (WSS), I've already configured my tomcat, and from Chrome it works successfully on HTTPS.
1 - Every time i try to connect, the client gives me back this error
2 - the client has been configured this way, using a config file for edit connection's details.
3 - I can't understand why i have to specify the location of the Server Certificate on the Client side!
Doesn't it should be retrieved by the client on the initial handshake?
Thanks in advance!!
Can you please post the error you are seeing? It does not show up in the post.
Ideally the server would provide it's public key and the intermediate CA key as well to build a route of trust to a known root. If you have no known roots in your environment you would need to provide that to the end device.
Are you using a self-signed certificate? Is so, the following properties are set to true, I assume:
If you have found a solution to your problem, please post it here or mark one of the previous responses as the Accepted Solution. If you are still having issues, please let us know.
Hi, yes my configuration is:
// TLS CertFileInfo serverCertFileInfo = new CertFileInfo(); serverCertFileInfo.FilePath = ConfigurationManager.AppSettings["ServerCertificateFilePath"].ToString(); serverCertFileInfo.CertType = 1; // '0' for axTLS config.ServerCertFileInfo = serverCertFileInfo; CertFileInfo clientCertFileInfo = new CertFileInfo(); clientCertFileInfo.FilePath = ConfigurationManager.AppSettings["ClientCertificateFilePath"].ToString(); clientCertFileInfo.CertType = 1; // '0' for axTLS config.ClientCertFileInfo = clientCertFileInfo; KeyFileInfo keyFileInfo = new KeyFileInfo(); keyFileInfo.FilePath = ConfigurationManager.AppSettings["ClientKeyFilePath"].ToString(); keyFileInfo.Passphrase = ConfigurationManager.AppSettings["ClientKeyFilePassphrase"].ToString(); keyFileInfo.KeyType = 0; config.ClientKeyFileInfo = keyFileInfo; config.AllowSelfSignedCertificates = Boolean.Parse(ConfigurationManager.AppSettings["AllowSelfSignedCertificates"].ToString()); config.DisableCertValidation = Boolean.Parse(ConfigurationManager.AppSettings["DisableCertValidation"].ToString());
For the certificates, I'm using self-signed and I created them for the CA, .NET Application and TW Tomcat.
1- On the tomcat I've already set up the server.conf, indeed I'm able to use HTTPS by Chrome)
2- Chrome shows it as trusted, since I added the CA cert to my Windows (Client) trusted roots.
3- Actually i don't wanna validate Client cert on the server, just validate the Server.
3- I'm not able to connect with Thingworx over WSS since on the client it gives me back this error: "com.thingworx.communications.client.TwApiWrapper Error: 0 : [Error] twWs_Connect: Error trying to connect"
From reviewing the information you provided, there could be a number of things going on. With your approval, I will be happy to open a case for this so that it can be worked over a WebEx.
Please let me know if you would like to move forward with that approach.