Hi all,
I'm trying to connect my .NET agent to Thingworx using a secure websocket connection (WSS), I've already configured my tomcat, and from Chrome it works successfully on HTTPS.
1 - Every time I try to connect, the client gives me back this error:
(ATTACHED_1)
2 - The client has been configured this way, using a config file to edit the connection's details.
(ATTACHED_2)
3 - I can't understand why I have to specify the location of the Server Certificate on the Client side!
Shouldn't it be retrieved by the client on the initial handshake?
Thanks in advance!!
Hello, Allessandron:
Can you please post the error you are seeing? It does not show up in the post.
Regards,
-Chris Kaminski
Hi ckaminski, I'm sorry for that :D
I've just edited.
Ideally the server would provide its public key and the intermediate CA key as well to build a route of trust to a known root. If you have no known roots in your environment you would need to provide that to the end device.
Are you using a self-signed certificate? If so, the following properties are set to true, I assume:
Hi, yes my configuration is:
// TLS
CertFileInfo serverCertFileInfo = new CertFileInfo();
serverCertFileInfo.FilePath = ConfigurationManager.AppSettings["ServerCertificateFilePath"].ToString();
serverCertFileInfo.CertType = 1; // '0' for axTLS
config.ServerCertFileInfo = serverCertFileInfo;
CertFileInfo clientCertFileInfo = new CertFileInfo();
clientCertFileInfo.FilePath = ConfigurationManager.AppSettings["ClientCertificateFilePath"].ToString();
clientCertFileInfo.CertType = 1; // '0' for axTLS
config.ClientCertFileInfo = clientCertFileInfo;
KeyFileInfo keyFileInfo = new KeyFileInfo();
keyFileInfo.FilePath = ConfigurationManager.AppSettings["ClientKeyFilePath"].ToString();
keyFileInfo.Passphrase = ConfigurationManager.AppSettings["ClientKeyFilePassphrase"].ToString();
keyFileInfo.KeyType = 0;
config.ClientKeyFileInfo = keyFileInfo;
config.AllowSelfSignedCertificates = Boolean.Parse(ConfigurationManager.AppSettings["AllowSelfSignedCertificates"].ToString());
config.DisableCertValidation = Boolean.Parse(ConfigurationManager.AppSettings["DisableCertValidation"].ToString());
For the certificates, I'm using self-signed and I created them for the CA, .NET Application and TW Tomcat.
1- On the tomcat I've already set up the server.conf (indeed I'm able to use HTTPS by Chrome)
2- Chrome shows it as trusted, since I added the CA cert to my Windows (Client) trusted roots.
3- Actually I don't wanna validate Client cert on the server, just validate the Server.
4- I'm not able to connect with Thingworx over WSS since on the client it gives me back this error: "com.thingworx.communications.client.TwApiWrapper Error: 0 : [Error] twWs_Connect: Error trying to connect"
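The route of trust discussed above, as an added example that is not part of any post in this thread and does not use the ThingWorx SDK: a plain .NET client that accepts the server only when its chain builds to a privately issued CA certificate supplied as a file, which is the alternative to turning certificate validation off. It assumes .NET 5 or later; the class name, helper name and command-line arguments are hypothetical.

```csharp
// Added example, not ThingWorx SDK code. Assumes .NET 5 or later.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class PrivateCaTlsCheck
{
    // True only if the server certificate chains to the CA certificate we were given.
    static bool ChainsToPrivateRoot(X509Certificate2 serverCert, X509Chain handshakeChain,
                                    X509Certificate2 rootCa, SslPolicyErrors errors)
    {
        // Only chain errors may be re-evaluated; a hostname mismatch or a
        // missing certificate is always a rejection.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            return false;

        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(rootCa);   // the only trusted root
        // Intermediates the server sent help path building but are not trusted themselves.
        if (handshakeChain != null)
            foreach (X509ChainElement el in handshakeChain.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(el.Certificate);
        // Assumption: the private CA publishes no CRL/OCSP. Enable revocation if yours does.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        return chain.Build(serverCert);
    }

    // Usage: <host> <port> <path-to-CA-certificate>
    static void Main(string[] args)
    {
        string host = args[0];                        // must match a name in the server certificate
        int port = int.Parse(args[1]);
        var rootCa = new X509Certificate2(args[2]);   // CA certificate file, PEM or DER

        using var tcp = new TcpClient(host, port);
        using var tls = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) => cert != null &&
                ChainsToPrivateRoot(new X509Certificate2(cert), chain, rootCa, errors));
        try
        {
            tls.AuthenticateAsClient(host);
            Console.WriteLine($"Trusted: {tls.RemoteCertificate?.Subject} ({tls.SslProtocol})");
        }
        catch (AuthenticationException ex)
        {
            Console.WriteLine($"Rejected: {ex.Message}");
        }
    }
}
```

Run against the Tomcat HTTPS port, a rejection here points at the certificate chain or the hostname in the certificate rather than at the WebSocket layer.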
Hi Alessandro,
What flavor of the .NET SDK are you using ? FIPS or AxTLS ?
Hi @AlessandroN.
If you have found a solution to your problem, please post it here or mark one of the previous responses as the Accepted Solution. If you are still having issues, please let us know.
Regards.
--Sharon
Hi @AlessandroN.
From reviewing the information you provided, there could be a number of things going on. With your approval, I will be happy to open a case for this so that it can be worked over a WebEx.
Please let me know if you would like to move forward with that approach.
Regards.
--Sharon