16-Pearl
April 12, 2021
Solved

SSL configuration for Azure IoT Hub connector configuration

  • April 12, 2021
  • 1 reply
  • 3203 views

Hi,

I have enabled the HTTPS configuration in server.xml in the Tomcat folder. What are the steps to follow in the Azure IoT Hub configuration to enable HTTPS? I am using ThingWorx version 8.5.1 and IoT Hub 3.0.2.

I have added the configuration below as an environment variable. The azure-iot service does not run if the configuration below is set. The Azure IoT Hub connector was working correctly without HTTPS enabled and was also receiving the data correctly from Azure IoT Hub into ThingWorx. I have followed the ThingWorx help document.

 

 

"AZURE_IOT_OPTS=-Djavax.net.ssl.trustStore=C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\cacerts-customized -Djavax.net.ssl.trustStorePassword=xxxxxxx"

 

Also, I have updated the conf: platforms = "wss://localhost:443/Thingworx/WS"

 

Regards,

Latha

Best answer by vi1

Hi,

 

This issue was resolved through a support ticket. We added the SSL certificate to the Java trust store. After that, the connection between ThingWorx and Azure IoT Hub was established.

 

Thank you

Latha


16-Pearl
April 12, 2021

Hi @vi1 

 

What is the error you are getting in the cxserver.log file located at Azure-IoT-Hub-Connector-<ver>\connector\bin\ when you are trying to connect using SSL?

 

Regards,

Sachin

vi1 (Author)
16-Pearl
April 12, 2021

Hi,

 

Thank you for the reply.

I am getting the error below in the cxserver log. What is the configuration in the environment variable for SSL? Below is the configuration in the environment variable.

AZURE_IOT_OPTS=-Djavax.net.ssl.trustStore=C:\\Program Files\\Apache Software Foundation\\Tomcat 9.0\\conf\\cerificatename.pfx -Djavax.net.ssl.trustStorePassword=xxxxx

 

2021-04-12T01:52:01.779 [NettyClient-NIO-1] ERROR c.t.s.i.t.netty.NettyChannelHandler - [ClientHandler: b17106b7] WebSocket error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, closing connection!
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:353)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917)
at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1510)
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1524)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1408)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
... 16 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:275)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:140)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:630)
... 31 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 37 common frames omitted

 

Regards,

Latha

16-Pearl
April 12, 2021

@vi_01 

 

Refer to the following help center guide, navigate to the section "When Using SSL/TLS", and set the environment variable as mentioned there. Make sure that you do NOT use double quotation marks when setting the environment variable on Windows. If you use them, the Connector will fail to start.

 

Regards,

Sachin
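
The "PKIX path building failed" error in the log above means the JVM could not chain the server's certificate to any entry in the trust store it loaded, which is what adding the certificate to the Java trust store corrected. The following stand-alone check is an added example, not code from this thread or from PTC: it loads a trust store file, lists its entries, and attempts a TLS handshake that trusts only that store. The class name and the TRUSTSTORE_PASSWORD variable are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: does this trust store let Java validate the server's chain?
// Set TRUSTSTORE_PASSWORD (variable name assumed for this example), then run:
//   java TrustStoreCheck <host> <port> <truststore-path>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (args.length != 3 || pw == null) {
            System.err.println("usage: java TrustStoreCheck <host> <port> <truststore>");
            System.exit(2);
        }

        // With no javax.net.ssl.trustStoreType set, JSSE opens the file as the
        // JVM's default keystore type, so the same type is used here.
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[2])) {
            store.load(in, pw.toCharArray());
        }
        for (String alias : Collections.list(store.aliases())) {
            String kind = store.isCertificateEntry(alias) ? "trusted cert" : "key entry";
            System.out.println(kind + ": " + alias);
        }

        // Trust only this store, using the JVM's default (PKIX) trust manager.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Certificate path validation only; hostname verification is not checked here.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.startHandshake();
            System.out.println("OK: server chain validates against " + args[2]);
        } catch (SSLException e) {
            System.out.println("FAIL: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A FAIL line carrying the same "unable to find valid certification path" text as the connector log indicates that the store does not contain the server certificate or its issuing CA.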