Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

No SSL certification in C SDK


No SSL certification in C SDK

Just a simple method to disable SSL certification in the SteamSensor sample in C SDK, for those who wants to use that in development mode or show to customer, as you may know use twApi_DisableCertValidation() function will not work:

1. Locate the src/config/twConfig.h in the SDK file, add:

#define USING_NO_TLS


right after #define OFFLINE_MSG_STORE 1, the result should be like:

2016-3-2 16-53-39.png

2. Locate  the src/tls/twTls.h in the SDK file, modify #include TW_TLS_INCLUDE to include more condition:

#if defined USING_AXTLS

#include "twAxTls.h"

#elif defined USING_NO_TLS

#include "twNoTls.h"




and the result should be like:

2016-3-2 16-57-08.png

After all these are done, compile your code and start, you will connect to your Thingworx server without SSL.


Although we provide this capability to make development easier, never deploy the EMS in production without SSL.

Agreed, I was asked about how to disable the SSL in the C SDK several times for demo purpose in the past couple of months, just for those who need this.

Why do you say twApi_DisableCertValidation() does not work?  What that does is prevent the checking of the certificate entries to ensure they match those that are set using twApi_SetX509Fields().

If you want to disable checking valid signing authority of the certificate so that you can use self-signed certificates for demo purposes, you should use the function twApi_SetSelfSignedOk(). 

If you want to induce MAJOR SECURITY RISKS by disabling encryption altogether then you would use USING_NO_TLS.  This should only be used in very limited circumstances where the edge and ThingWorx server are deployed inside a firewall within the same security domain and where deep packet inspection of all traffic is a requirement (i.e. some military installations may require that)

"It's just a demo" is never an excuse to not use encryption. The ThingWorx server ships with self-signed certificates (at least it used to, even if not, it is a simple single command to create one), so using TLS requires very, very little extra effort.

Yes, you are right, not using ecryption shouldn't be recommanded.

I have done several tests with the combination of twApi_DisableCertValidation() and twApi_SetSelfSignedOk(), but seems that doesn't work if you don't use SSL on Thingworx server side, so my purpose is just to give a way for those who doesn't want to use SSL at server side for presales demo.

Top Tags