I use WSO2 IoT to manage smartphones. When I open the devicemgt web app I have an insecure connection like this: no SSL. I have generated an SSL certificate (.cer, .pem and .key files) and a password for the key. How can I set up a secure connection to the WSO2 IoT device management site?
1 Answer
IoTS "devicemgt" app has SSL support (port 9443). However, a self-signed certificate is being used for SSL communication. In order to have a valid certificate, you might need to create a new certificate with a trusted CA.
Once you create the new keys you can follow [1] to configure it. If you have created a new hostname in the process of generating the new keys then you might need to follow [2] as well.
In addition to the above, if you have changed the IP and the keys then you might need to check the configs below as well.
1) If you have changed the alias of the default cert from wso2carbon then make sure to enter the new values in the files listed in [1]. In addition, make sure to change the "wso2carbon" alias to the new alias in the files below.
core/repository/deployment/server/jaggeryapps/portal/configs/designer.json (identityAlias)
core/repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json (identityAlias)
core/repository/conf/etc/webapp-authenticator-config.xml (there would be 3 entries)
2) WSO2 IoT Server uses JWT tokens for server-to-server communication. If you have changed the cert, could you update the identity provider (IDP) with the new cert? Please follow the steps below to update the IDP.
2.1) Export the public cert to PEM format (if it is not already in PEM format)
openssl x509 -inform DER -outform PEM -in mycert.cert -out server.crt.pem
2.2) Open server.crt.pem and copy the content between BEGIN CERTIFICATE and END CERTIFICATE and replace the element in the file based IDP, which can be found in "core/repository/conf/identity/identity-providers/iot_default.xml"
3) Replace localhost in the entries below in core/bin/wso2server.sh
-Diot.keymanager.host="wso2.exterminator.com" \
-Diot.gateway.host="wso2.exterminator.com" \
-Diot.core.host="wso2.exterminator.com" \
4) Set "EnabledUpdateApi" to "true" in the file "core/repository/conf/etc/webapp-publisher-config.xml". This will republish all the APIs with the new host.
5) In "core/repository/deployment/server/jaggeryapps/portal/configs/designer.json", replace localhost with wso2.prokino.nl in the JSON entry below.
"host": {
    "hostname": "wso2.prokino.nl",
    "port": "",
    "protocol": ""
}
[1] https://docs.wso2.com/display/IoTS300/Configuring+Keystores+in+WSO2+Products
[2] https://docs.wso2.com/display/IoTS300/Configuring+WSO2+IoT+Server+with+the+IP
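
The checks behind steps 1, 2.1 to 2.2 and 3 of the answer above, as an added shell example that is not part of the original answer or of WSO2's own tooling. The function names, the sample hostname and all sample file contents are constructed, and joining the certificate body onto one line is an assumption about what is safest to paste.

```shell
#!/bin/sh
# Added example; function names and all sample data are constructed.

# Step 2.1: is the certificate already PEM, or does it need the openssl conversion?
is_pem() { grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Step 2.2: print the base64 body of the first certificate in a PEM file,
# joined onto one line (assumption: no line breaks are wanted in the XML).
pem_cert_body() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         on { gsub(/[ \t\r]/, ""); printf "%s", $0 }
         END { print "" }' "$1"
}

# Step 1: list lines still naming the default alias. Review hits by hand:
# the string can also appear in keystore file names.
default_alias_refs() { grep -n -e 'wso2carbon' "$@" /dev/null; }

# Step 3: list -Diot.*.host entries still pointing at localhost.
localhost_hosts() {
    grep -n -E -e '-Diot\.(keymanager|gateway|core)\.host="localhost"' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-ins, not a real certificate or a real WSO2 file.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' 'REVG' \
        '-----END CERTIFICATE-----' > "$d/server.crt.pem"
    printf '%s\n' '-Diot.keymanager.host="localhost" \' \
        '-Diot.gateway.host="iot.example.test" \' > "$d/wso2server.sh"
    printf '%s\n' '{ "identityAlias": "wso2carbon" }' > "$d/app-conf.json"

    is_pem "$d/server.crt.pem" && echo "PEM body: $(pem_cert_body "$d/server.crt.pem")"
    echo "Entries still on localhost:"; localhost_hosts "$d/wso2server.sh"
    echo "Default alias still referenced:"; default_alias_refs "$d/app-conf.json"
    rm -rf "$d"
}
demo
```

An empty result from `localhost_hosts` or `default_alias_refs` (exit status 1) means nothing was left to change in the files passed in.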
