cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Thingworx self-signed certificate instructions not working

RP_10042303
2-Guest

Thingworx self-signed certificate instructions not working

I followed the instructions as specified in Article - CS193947.

After booting up the server on localhost. My http connection worked but the my https connection gives me a ERR: No Response from server.

 

I am using the portable edition on local pc for demo purposes.

For the config.xml

I commented out

```

<Connector port="${port.https}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile=".keystore" keystorePass="${https.keystorePassword}"
clientAuth="false" sslProtocol="TLS" />

```

And added

```

<Connector port="${port.https}" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="200" scheme="https" secure="true"
defaultSSLHostConfigName="Full Computer name as FQDN">
<SSLHostConfig hostName="Full Computer name as FQDN" sslProtocol="TLS">
<Certificate certificateKeystoreFile="keystore.pbx"
certificateKeystorePassword="Password0" certificateKeystoreType="PKCS12" />
</SSLHostConfig>
</Connector>

```

Attached is the original xml file (server.xml) that I made the changes to (Which works).

The server copy i'm trying to use with the removed is servernew.xml (Which only works for http, I removed FQDN and password in the attachment)

 

I didn't make any changes to any other config files and I have the generated keystore.pbx next to the original .keystore in the folder.

 

Any idea what is going wrong here?

I do what to get it signed by CA but as I understand it, this is the first step that must be completed.

1 ACCEPTED SOLUTION

Accepted Solutions
slangley
23-Emerald I
(To:AT_10013510)

Hi @AT_10013510

 

I'm not sure your keystore is in the correct format.  Give these instructions a try.

 

Regards.

 

--Sharon

View solution in original post

4 REPLIES 4

Check if you have your https port 443 or 8443 enabled in your server.xml 443 would be default

check this article as an example: https://community.ptc.com/t5/ThingWorx-Developers/SSL-certificate-issues/m-p/634390#M40333 

Hi Pai,

 

Yes I did have it enabled in the config. The port used was 8443. The server.xml was a working https config that I was using (Default with Thingworx portable).

I could navigate to the https://<FQDN>/ and it would work. When changing out to a new certificate following the article instructions It fails on the 8443 port.

I used the commented out code in the server.xml section as the basis and made the addition of

 

<Connector port="${port.https}" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="200" scheme="https" secure="true"
defaultSSLHostConfigName="Full Computer name as FQDN">
<SSLHostConfig hostName="Full Computer name as FQDN" sslProtocol="TLS">
<Certificate certificateKeystoreFile="keystore.pbx"
certificateKeystorePassword="Password0" certificateKeystoreType="PKCS12" />
</SSLHostConfig>
</Connector>

 

Where port.https in the config is set to 8443 like in the original configuration which worked.

slangley
23-Emerald I
(To:AT_10013510)

Hi @AT_10013510

 

I'm not sure your keystore is in the correct format.  Give these instructions a try.

 

Regards.

 

--Sharon

View solution in original post

Hi @slangley ,

 

You are correct, I was coming to post that I had the extension file name written down incorrectly. "pbx" instead of "pfx" but you beat me to it.

I guess too much telephone work.

For anyone else viewing, the error is not clear that it can't find the certificate file. If it doesn't work, also try the full path name.

Announcements