Re: Error connecting raspberry pi using ssl

snehalpatil · ‎Mar 04, 2018

Trying to connect Raspberry Pi to ThingWorx using the Edge MicroServer (EMS). Getting issue while binding the remote thing properties. Please guide to fix the issue. Something need to check

OS: Windows 10

Apache Tomcat : Apache Tomcat 8.5.13 Server (Java: Java\jre1.8.0_161)

Thingworx Platform: MED-61182-CD-080_SP7_ThingWorx-Platform-H2-8-0-7

Raspberry Pi - Linux raspberrypi 4.9.59-v7, armv7l architecture

EMS (v5.4.0) and LSR hosted same

Both systems are in same network. EMS - http server on the default port (localhost:8000). Lua script default port (localhost:8001).

Launched EMS sucessfully.

Configured the LSR & able to execute it (Logs: $ sudo ./luaScriptResource)

[FORCE] 2018-03-03 09:49:28,242 httpServer: starting http server port=8001
[INFO ] 2018-03-03 09:49:28,263 thingworx.shape: Creating a new shape.
[INFO ] 2018-03-03 09:49:28,264 PiThing: -- Configuration -------------------------------
[INFO ] 2018-03-03 09:49:28,265 PiThing: scanRate: 1000
[INFO ] 2018-03-03 09:49:28,265 PiThing: scanRateResolution: 500
[INFO ] 2018-03-03 09:49:28,265 PiThing: taskRate: 30000
[INFO ] 2018-03-03 09:49:28,265 PiThing: keepAliveRate: 60000
[INFO ] 2018-03-03 09:49:28,265 PiThing: requestTimeout: 15000
[INFO ] 2018-03-03 09:49:28,265 PiThing: registerRate: 43200000
[INFO ] 2018-03-03 09:49:28,266 PiThing: register: true
[INFO ] 2018-03-03 09:49:28,266 PiThing: getPropertySubscriptionOnReconnect: false
[INFO ] 2018-03-03 09:49:28,266 PiThing: maxConcurrentPropertyUpdates: 100
[INFO ] 2018-03-03 09:49:28,266 PiThing: defaultPushType: VALUE
[INFO ] 2018-03-03 09:49:28,266 PiThing: useShapes: true
[INFO ] 2018-03-03 09:49:28,266 PiThing: identifier: PiThing
[INFO ] 2018-03-03 09:49:28,266 PiThing: ------------------------------------------------
[INFO ] 2018-03-03 09:49:28,267 thingworx.template: Adding shape 'shapes.metadata' to template 'thingworx.template'
[INFO ] 2018-03-03 09:49:28,267 thingworx.template: Adding shape 'shapes.propsubscribe' to template 'thingworx.template'
[INFO ] 2018-03-03 09:49:28,268 thingworx.template: Creating new templates.PiTemplate named 'PiThing'
[INFO ] 2018-03-03 09:49:28,268 PiThing: -- Initializing properties ---------------------
[INFO ] 2018-03-03 09:49:28,268 PiThing: Initialized property upToDate [baseType: BOOLEAN, pushType: NEVER, handler: nil, value: true]
[INFO ] 2018-03-03 09:49:28,268 PiThing: Initialized property cpu_volt [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-03 09:49:28,269 PiThing: Initialized property cpu_temperature [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-03 09:49:28,269 PiThing: Initialized property cpu_freq [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-03 09:49:28,269 PiThing: ------------------------------------------------
[INFO ] 2018-03-03 09:49:28,269 Thingworx: Registering identifier *PiThing for thing PiThing
[INFO ] 2018-03-03 09:49:29,270 PiThing: Identifier *PiThing registered with main Thingworx script for for Thing PiThing
[INFO ] 2018-03-03 09:49:31,240 PiThing: -- Starting script --------------------------
[INFO ] 2018-03-03 09:49:31,240 PiThing: Registering core callback handler
[INFO ] 2018-03-03 09:49:31,240 PiThing: Starting main loop
[INFO ] 2018-03-03 09:49:31,240 PiThing: Calling lifecycle start listeners.
[INFO ] 2018-03-03 09:49:31,241 shapes.propsubscribe: Initialized
[INFO ] 2018-03-03 09:49:31,242 thingworx.handler: Creating a new handler.

as per mentioned here

Tested WS EMS online with following commands (on EMS - raspberry pi)

Remote Thing property is connected.

pi@raspberrypi:~ $  curl http://localhost:8000/Thingworx/Things/LocalEms/Properties/isConnected

{"rows":[{"isConnected":true}],"datashape":{"fieldDefinitions":{"isConnected":{"name":"isConnected","description":"","baseType":"BOOLEAN","aspects":{}}}}}

pi@raspberrypi:~ $ curl http://localhost:8000/Thingworx/Things/SystemRepository/Properties/name
{"rows":[{"name":"SystemRepository"}],"datashape":{"fieldDefinitions":{"name":{"name":"name","description":"","baseType":"STRING","aspects":{}}}}}

Scripts is also running

pi@raspberrypi:~ $ curl http://localhost:8001/scripts
2 scripts installed

Name           Status         Result                                  File                                    
PiThing        Running                                                /home/pi/microserver/etc/ 
Thingworx      Running                                                /home/pi/microserver/etc/

Issue: Not able to Bind the remote Thing properties. (here > 5. Bind the remote Thing properties.)

Remote Thing(PiThing) > Manage Bindings > 'remote' section - available properties not listed, giving error "Error browsing properties. Be sure the remote device/server is connected and configured properly".

supandey · ‎Mar 05, 2018

Hi @snehalpatil could you configure the WS EMS logging to Trace and reproduce the issue with the SSL connectivity and attach the log here?

It will also help to see the config.json from WS EMS and lua.config from LSR configuration with SSL configuration. Have you tested the auto_bind configuration with Gateway in WS EMS's config.json file in SSL configuration to see if that still throws the same error?

snehalpatil · ‎Mar 05, 2018

Thingworx - http://192.168.1.22:443/Thingworx/Composer/index.html)

Please find the WS EMS logs (ws-ems-log.txt)

microserver/etc/config.json

{
"ws_servers": [{
   "host": "192.168.1.22",
   "port": 443
  }],
  "resource": "/Thingworx/WS",
  "appKey": "*********************",
  "http_server":  {
    "host": "localhost",
    "port": 8000,
    "ssl" : false,
    "authenticate" : false
  },
  "logger": {
    "level": "DEBUG"
  },
  "auto_bind": [{
    "name": "PiThing",
    "gateway": false,
    "host": "localhost"
  }],
  "certificates": {
    "validate": false,
    "allow_self_signed": false 
  } ,
  "ws_connection": {
    "encryption":   "none",
    "verbose":  true,
    "msg_timeout":  1000
  }
}

microserver/etc/config.lua

scripts.log_level = "INFO"
scripts.PiThing = {
  file = "thing.lua",
  template = "PiTemplate",
  identifier = "PiThing",
  scanRate = 1000,
  taskRate = 30000
}

scripts.script_resource_ssl = false
scripts.script_resource_authenticate = false

scripts.rap_host = "localhost"
scripts.rap_port = "8000" 

scripts.script_resource_host = "localhost"
scripts.script_resource_ssl = "false"
scripts.script_resource_port = "8001"

Trying to connect Raspberry Pi to ThingWorx using the Edge MicroServer (EMS). Getting issue while binding the remote thing properties. Tried without ssl.

snehalpatil · ‎Mar 07, 2018

Please guide to find the cause of issue & way to fix it? Will be helpful to process further.

Checked with https & http connectivity between WS EMS & Thingworx ( https://192.168.1.22/Thingworx/Composer/index.html )

While debuging issue today, getting following error

$ sudo ./wsems 
[FORCE] 2018-03-07 13:11:13,151 ./wsems: Initializing EMS ....
[FORCE] 2018-03-07 13:11:13,151 main: Using config file /home/pi/microserver/etc/config.json
[FORCE] 2018-03-07 13:11:13,152 httpServer: starting http server port=8000
[ERROR] 2018-03-07 18:41:13,169 SDK: twMap_Add: parse function returned null.

192.168.1.28:443-->[ERROR] 2018-03-07 13:11:14,317 UnencryptedClientStream::doopen: Error opening socket.  Error: 111
[ERROR] 2018-03-07 13:11:14,318 HttpClient::initialize: Exception while opening connection request to 127.0.0.1. Error: Error opening non-TLS socket [127.0.0.1:8002]
[ERROR] 2018-03-07 13:11:14,318 emsRequestHandler: Error executing request on Things/PiThing/Services/NotifyPropertyUpdate

Is above related to permission issue while connecting EMS to Thingworx? In microserver/etc/config.json configuration used Appkey with user have Administrator rights. Something more need to check for above?Please guide.

supandey · ‎Mar 07, 2018

Hi @snehalpatil referring to your posts containing configuration files for WS EMS and Lua, I can't see any configuration for SSL connectivity. With WS EMS 5.4.0 there are 3 levels of security that you can define, your current configuration doesn't seem to reflect any of them. Could you please refer to the topic Setting up secure communication for WS EMS and LSR, starting from page 97 in the attached document.

I believe that should help to demystify the secure setup of WS EMS & LSR with ThingWorx.

snehalpatil · ‎Mar 09, 2018

Hi supandey ,thank you for your reply.

Currently, used 'Minimally Secure Configuration with Default Certificate / Key', now luascript execution processed further after 'thingworx.handler: Creating a new handler.'.

Now getting ' httpserver: Server socket error: SSL Handshake Failed'. error on lua script execution. Working on it.

[ERROR] 2018-03-09 10:40:31,517 SDK: TW_SSL_ACCEPT: SSL handshake error. Error: error:00000000:lib(0):func(0):reason(0).
[ERROR] 2018-03-09 05:10:31,517 TlsServerStream::doopen: ssl_read returned an error: -1
[ERROR] 2018-03-09 05:10:31,518 httpserver: Server socket error: SSL Handshake Failed [*:53356]

WS EMS Error logs:

$ sudo ./wsems 
[FORCE] 2018-03-09 05:10:25,358 ./wsems: Initializing EMS ....
[FORCE] 2018-03-09 05:10:25,358 main: Using config file /home/pi/microserver/etc/config.json
[FORCE] 2018-03-09 05:10:25,359 httpServer: starting http server port=8000
[ERROR] 2018-03-09 10:40:25,377 SDK: twMap_Add: parse function returned null.

192.168.1.28:443-->[ERROR] 2018-03-09 10:40:31,761 SDK: twMessaging::handleMessage: Response ID 4 has code 160: Entity PiThing does not exist or is not yet associated with a Thing
[ERROR] 2018-03-09 10:40:32,28 SDK: twMessaging::handleMessage: Response ID 5 has code 160: Entity PiThing does not exist or is not yet associated with a Thing
[ERROR] 2018-03-09 10:40:33,346 SDK: twMessaging::handleMessage: Response ID 6 has code 160: Entity PiThing does not exist or is not yet associated with a Thing

Luascript logs:

$ sudo ./luaScriptResource 
[INFO ] 2018-03-09 05:10:29,370 ./luaScriptResource: Using config file: /home/pi/microserver/etc/config.lua
[FORCE] 2018-03-09 05:10:29,370 ./luaScriptResource: Starting up ....

[INFO ] 2018-03-09 05:10:29,375 luaScriptResource:main: Encryption is enabled on the RAP connection.
[INFO ] 2018-03-09 05:10:29,375 luaScriptResource:main: FIPS is disabled.
[INFO ] 2018-03-09 05:10:29,379 ./luaScriptResource: New path is /home/pi/amj_code_test/microserver/etc/thingworx/clibs:/home/pi/amj_code_test/microserver/etc/custom/clibs:/home/pi/amj_code_test/microserver/etc/community/clibs:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[WARN ] 2018-03-09 05:10:29,382 ScriptResource::initialize: Authentication is disabled on the HTTP Server.
[FORCE] 2018-03-09 05:10:29,427 httpServer: starting http server port=8001
[INFO ] 2018-03-09 05:10:29,441 thingworx.shape: Creating a new shape.
[INFO ] 2018-03-09 05:10:29,443 PiThing: -- Configuration -------------------------------
[INFO ] 2018-03-09 05:10:29,443 PiThing: scanRate: 1000
[INFO ] 2018-03-09 05:10:29,443 PiThing: scanRateResolution: 500
[INFO ] 2018-03-09 05:10:29,443 PiThing: taskRate: 30000
[INFO ] 2018-03-09 05:10:29,444 PiThing: keepAliveRate: 60000
[INFO ] 2018-03-09 05:10:29,444 PiThing: requestTimeout: 15000
[INFO ] 2018-03-09 05:10:29,444 PiThing: registerRate: 43200000
[INFO ] 2018-03-09 05:10:29,444 PiThing: register: true
[INFO ] 2018-03-09 05:10:29,444 PiThing: getPropertySubscriptionOnReconnect: false
[INFO ] 2018-03-09 05:10:29,444 PiThing: maxConcurrentPropertyUpdates: 100
[INFO ] 2018-03-09 05:10:29,445 PiThing: defaultPushType: VALUE
[INFO ] 2018-03-09 05:10:29,445 PiThing: useShapes: true
[INFO ] 2018-03-09 05:10:29,445 PiThing: identifier: Not Specififed
[INFO ] 2018-03-09 05:10:29,445 PiThing: ------------------------------------------------
[INFO ] 2018-03-09 05:10:29,446 thingworx.template: Adding shape 'shapes.metadata' to template 'thingworx.template'
[INFO ] 2018-03-09 05:10:29,447 thingworx.template: Adding shape 'shapes.propsubscribe' to template 'thingworx.template'
[INFO ] 2018-03-09 05:10:29,447 thingworx.template: Creating new templates.PiTemplate named 'PiThing'
[INFO ] 2018-03-09 05:10:29,447 PiThing: -- Initializing properties ---------------------
[INFO ] 2018-03-09 05:10:29,447 PiThing: Initialized property upToDate [baseType: BOOLEAN, pushType: NEVER, handler: nil, value: true]
[INFO ] 2018-03-09 05:10:29,447 PiThing: Initialized property cpu_volt [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-09 05:10:29,447 PiThing: Initialized property cpu_temperature [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-09 05:10:29,448 PiThing: Initialized property cpu_freq [baseType: NUMBER, pushType: VALUE, handler: nil, value: 0]
[INFO ] 2018-03-09 05:10:29,448 PiThing: ------------------------------------------------
[INFO ] 2018-03-09 05:10:31,417 PiThing: -- Starting script --------------------------
[INFO ] 2018-03-09 05:10:31,417 PiThing: Registering core callback handler
[INFO ] 2018-03-09 05:10:31,418 PiThing: Starting main loop
[INFO ] 2018-03-09 05:10:31,418 PiThing: Calling lifecycle start listeners.
[INFO ] 2018-03-09 05:10:31,418 shapes.propsubscribe: Initialized
[INFO ] 2018-03-09 05:10:31,419 thingworx.handler: Creating a new handler.
[ERROR] 2018-03-09 10:40:31,517 SDK: TW_SSL_ACCEPT: SSL handshake error. Error: error:00000000:lib(0):func(0):reason(0).
[ERROR] 2018-03-09 05:10:31,517 TlsServerStream::doopen: ssl_read returned an error: -1
[ERROR] 2018-03-09 05:10:31,518 httpserver: Server socket error: SSL Handshake Failed [*:53356]
[INFO ] 2018-03-09 05:10:31,518 PiThing: MicroServer is now available.
[INFO ] 2018-03-09 05:10:31,518 PiThing: MicroServer is online.
[INFO ] 2018-03-09 05:10:31,518 PiThing: Successfully registered PiThing with MicroServer.
[INFO ] 2018-03-09 05:10:31,762 PiThing: Error occured while accessing EMS. Checking isConnected.
[INFO ] 2018-03-09 05:10:31,794 PiThing: EMS is available: true, online: true
[INFO ] 2018-03-09 05:10:31,795 PiThing: Attempting to GetPropertySubscriptions from server failed. code: 500, result: 
[INFO ] 2018-03-09 05:10:32,28 PiThing: Error occured while accessing EMS. Checking isConnected.

microserver/etc/config.json

{
"ws_servers": [{
   "host": "192.168.1.28",
   "port": 443
  }],
  "resource": "/Thingworx/WS",
  "appKey": "*************************",
  "http_server":  {
    "host": "localhost",
    "port": 8000,
    "ssl" : true,
    "use_default_certificate" : true,
    "authenticate" : false
  },
  "logger": {
    "level": "ERROR"
  },
  "auto_bind": [{
    "name": "PiThing",
    "gateway": false,
    "host": "localhost",
    "ssl": true,
    "authenticate": false
  }],
  "certificates": {
    "validate": false,
    "allow_self_signed": true
  } ,
  "ws_connection": {
    "encryption":   "ssl",
    "verbose":  true,
    "msg_timeout":  1000
  }
}

microserver/etc/config.lua

scripts.log_level = "INFO"
scripts.PiThing = {
  file = "thing.lua",
  template = "PiTemplate",
  scanRate = 1000,
  taskRate = 30000
}

-- EMS Connection Configuration
scripts.rap_host = "localhost"
scripts.rap_port = 8000


-- EMS Connection TLS Configuration
scripts.rap_ssl = true
scripts.rap_deny_selfsigned = false
scripts.rap_validate = false

-- EMS Connection Authentication
-- Configuration
scripts.rap_server_authenticate = false

-- HTTP Server Configuration
scripts.script_resource_host = "localhost"
scripts.script_resource_port = 8001


-- HTTP Server TLS Configuration
scripts.script_resource_ssl = true
scripts.script_resource_use_default_certificate = true

-- HTTP Server Authentication
-- Configuration
scripts.script_resource_authenticate = false

snehalpatil · ‎Mar 09, 2018

Currently, used 'Minimally Secure Configuration with Default Certificate / Key'. Able to bound the remote thing properties on Thingworx platform. Remote Thing properties are updating.

But getting 'HTTP server: Server socket error: SSL Handshake Failed'. error on Lua script execution.

<pre>
[INFO ] 2018-03-09 12:00:52,29 PiThing: MicroServer is online.
[INFO ] 2018-03-09 12:00:52,29 PiThing: Successfully registered PiThing with MicroServer.
[ERROR] 2018-03-09 17:30:52,30 SDK: TW_SSL_ACCEPT: SSL handshake error. Error: error:00000000:lib(0):func(0):reason(0).
[ERROR] 2018-03-09 12:00:52,30 TlsServerStream::doopen: ssl_read returned an error: -1
[ERROR] 2018-03-09 12:00:52,30 httpserver: Server socket error: SSL Handshake Failed [*:59794]
[INFO ] 2018-03-09 12:00:52,344 PiThing: GetPropertySubscriptions called. 3 properties updated.
[ERROR] 2018-03-09 17:31:55,913 SDK: TW_SSL_READ: Error reading from SSL stream
[ERROR] 2018-03-09 17:31:55,913 SDK: TW_SSL_READ: Timed out or error waiting reading from socket. Error: error:00000000:lib(0):func(0):reason(0)
</pre>

Could you please guide here configuration I need to check for above 'SSL Handshake failed' issue? Configuration & logs files attached EMS-LSR-conf-log.zip for reference.

supandey · ‎Mar 12, 2018

Thanks for update. So do i understand it right that you are now able to connect without the SSL configuration, but connectivity fails when you enable SSL configuration according to the Minimally Secure Configuration with Default Certificate / Key?

Update:

Just adding this resource as reference if you haven't already seen it already Securing EMS / LSR - Protect your (Internet of) Things

supandey · ‎Mar 12, 2018

Just wondering what happens if you access the https://192.168.1.28:443/Thingworx from RaspberryPi?

Alex23 · ‎Apr 24, 2018

Hello,

I am facing the same issue as you and I configured the config.json and config.lua as you did.

Did you solve the issue and can you help me to solve it too.

Thanks

snehalpatil · ‎Apr 27, 2018

@Alex23 wrote:

Hello,

I am facing the same issue as you and I configured the config.json and config.lua as you did.

Did you solve the issue and can you help me to solve it too.

Thanks

Issue was solved with 'Minimally Secure Configuration with Default Certificate / Key' configuration files content.

Reference document ThingWorx_WebSocket_based_Edge_MicroServer_Developers_Guide_v5.4.0.pdf

Above may helpful.

Alex23 · ‎May 03, 2018

I configured my files with the Minimally Secure Configuration with Default Certificate / Key but I have this error :

[INFO ] 2018-05-03 14:36:14,625 PiThing: -- Starting script --------------------------
[INFO ] 2018-05-03 14:36:14,626 PiThing: Registering core callback handler
[INFO ] 2018-05-03 14:36:14,626 PiThing: Starting main loop
[INFO ] 2018-05-03 14:36:14,626 PiThing: Calling lifecycle start listeners.
[INFO ] 2018-05-03 14:36:14,626 shapes.propsubscribe: Initialized
[INFO ] 2018-05-03 14:36:14,627 thingworx.handler: Creating a new handler.
[ERROR] 2018-05-03 16:36:14,648 SDK: Error intializing socket connection.  Err = 111
[ERROR] 2018-05-03 14:36:14,649 HttpClient::initialize: Exception while opening connection request to 127.0.0.1. Error: Error initializing socket [127.0.0.1:8080]
[ERROR] 2018-05-03 14:36:14,649 luaBindings::httpPost: Error POSTing to HTTP Server at 127.0.0.1/Thingworx/Things/LocalEms/Services/AddEdgeThing
[INFO ] 2018-05-03 14:36:14,649 PiThing: Error occured while accessing EMS. Checking isConnected.
[ERROR] 2018-05-03 16:36:14,652 SDK: Error intializing socket connection.  Err = 111
[ERROR] 2018-05-03 14:36:14,652 HttpClient::initialize: Exception while opening connection request to 127.0.0.1. Error: Error initializing socket [127.0.0.1:8080]
[ERROR] 2018-05-03 14:36:14,652 luaBindings::httpGet: Error GETing from HTTP server at 127.0.0.1/Thingworx/Things/LocalEms/Properties/isConnected
[INFO ] 2018-05-03 14:36:14,652 PiThing: EMS is available: false, online: false

alex.augot · ‎Mar 13, 2018

Hi @snehalpatil,

I think the problem here is you're auto-binding with the same thingname as you're trying to use on the Lua ScriptResource - PiThing. Try removing the 'auto-bind' settings from config.json and you should be able to browse the remote properties in composer

FlorentR · ‎Jul 04, 2018

I had the same issue.

In order to see the remote thing in the identifier list when creating the thing on the Thingworx cloud, you simply have to add an asterisk before your thing name in the auto binding section of your config.json configuration file :

"auto_bind": [{
    "name": "*PiThing",...