cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Client certificate authentication in Java

jkilgallin
1-Newbie

Client certificate authentication in Java

Hi,

I'm looking for an example or other resource to assist with configuring client certificate authentication in Java. Several pages of the Edge Help Center/Java SDK Developer's guide refer to client authentication as a supported feature, but I don't see any examples for configuring this. The procedure is apparently different than with the .NET SDK, as the Java ClientConfigurator does not seem to have methods for ClientCertFileInfo/ServerCertFileInfo as the .NET ClientConfigurator does. If anyone could point me to an example or documentation that explains how to select a client certificate file for securing the connection to Thingworx, I would appreciate it greatly. In fact - and I'm guessing this is similar - it would be helpful to get an example for setting the truststore on the client for validating the server SSL certificate as well. I realize I can do this through the JRE cacerts truststore but I don't want to alter the machine-wide configuration if possible. Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Ah, thanks; I had looked at that whole section but left that out of the list. HOWEVER, looking at this page more closely DID lead me to the solution! Noting that the steps there include setting the javax.net.ssl.trustStore property, I was able to authenticate the client by setting the corresponding keyStore system properties:

System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");

System.setProperty("javax.net.ssl.keyStore", "C:/...");

System.setProperty("javax.net.ssl.keyStorePassword", "12341234");

I was so focused on setting this through the SDK that using the system properties didn't occur to me before. I believe it may be helpful to include these settings in future versions of the "Setting Up SSL/TLS Certificates" instructions you linked. Thanks to everyone for the assistance!

View solution in original post

10 REPLIES 10
dmoon
5-Regular Member
(To:jkilgallin)

Thanks for the reply, but I don't think I am. I'm not sure if you meant to link to a specific page in the help center - the link is just loading the index - but I haven't been able to find what I need in there. Several pages in the Java SDK section, particularly in the "Security for Edge SDK Applications" subsection, refer to client authentication but do not explain how to configure the client application to support this. I expected to find a method on the ClientConfigurator class like "setClientCertificateFile" - the .NET ClientConfigurator seems to have a method for this, but as far as I can tell the Java version doesn't. The pages I've found that discuss the ClientConfigurator and client auth are:

Connecting an Application to the Thingworx Platform

Running the SimpleThingClient Application

ClientConfigurator Class

About the SSL/TLS Protocol

Certificates Required

Validation of SSL/TLS Certificates

Along with the PTC support guides mentioned by Sushant, I believe I have all the pieces of a working demo with client auth except for configuring the client to send a certificate. I'm not sure if I need a specific SDK version, if I need to look at a different part of the client application/jvm configuration, if I'm overlooking something, or if this isn't actually supported in Java.

Again, thank you very much for the reply and the link.

mhollenbach
5-Regular Member
(To:jkilgallin)

Did you look at the Setting Up SSL/TLS Certificates section? That may help.

Meghan

Ah, thanks; I had looked at that whole section but left that out of the list. HOWEVER, looking at this page more closely DID lead me to the solution! Noting that the steps there include setting the javax.net.ssl.trustStore property, I was able to authenticate the client by setting the corresponding keyStore system properties:

System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");

System.setProperty("javax.net.ssl.keyStore", "C:/...");

System.setProperty("javax.net.ssl.keyStorePassword", "12341234");

I was so focused on setting this through the SDK that using the system properties didn't occur to me before. I believe it may be helpful to include these settings in future versions of the "Setting Up SSL/TLS Certificates" instructions you linked. Thanks to everyone for the assistance!

supandey
19-Tanzanite
(To:jkilgallin)

Hi JD, do you have access to the support.ptc.com? If you have you can access the following articles with examples

  1. ThingWorx setup SSL / HTTPS on Tomcat with Self-Signed Certificate
  2. Configuring ThingWorx / Tomcat for SSL using a Signed Certificate from a Certificate Authority (CA)

Hope this helps.

Thanks for the reply! I have already set up the Tomcat server for client certificate auth and confirmed that it works as expected with other clients. What I'm looking for is how to configure the Java Edge SDK (on the client side) to send a client certificate when connecting to the Thingworx Server.

Hi JD Kilgallin​ Yes configuring client certificate authentication in Java  is possible . You would need to develop your own Authentication extension by extending the Custom Authentication provided by Thingworx.

Please let me know if this is what you are looking for . I can help you with this.

Thanks, I just found what I need from Meghan's comment. Are you referring to the "Authenticator" extensions on the platform? My understanding is that these aren't used to authenticate IoT devices, only users accessing the web interface, correct? A custom authenticator for device connections is something I'm looking to implement, so I would be very interested if you have information on that. Thanks again!

mhollenbach
5-Regular Member
(To:rupadhyay)

Ravi,

You do not use an authentication extension to do this. That is strictly for platform authentication, not the Java SDK.

Meghan

Meghan Hollenbach​  Thank you for clarification on this. Probably , this was the reason why I asked about my understanding about the Problem statement from JD Kilgallin.

Thanks once again.

Top Tags