Configuring the Connector for Remote Access
When an Axeda Global Access Server registers with the eMessage Connector for the first time, the Connector performs validation checks and creates a GAS Thing (based on the GASModel Thing Template) on the platform. It sets Thing properties from values of attributes sent in the GAS registration message. If it is not already set, the firstRegistrationDate property is set to the current date.Then the latestRegistrationDate property is set on the Thing.
If a Thing already exists for the GAS, the latestRegistrationDate is updated to the current date.
Remote Access Configuration for the eMessage Connector
You can edit the Remote Access properties in the emessage.conf file, in the cx-server.remote-access group. Most of the properties define the HTTP Client connection between the Connector and the GAS. One property sets a timeout for a session to start.
 |
It is strongly recommended that you configure SSL/TLS for communication between the eMessage Connector and the GAS. The options to set for SSL/TLS are described in the following table.
|
|
Property
|
Default Value
|
Description
|
|---|---|---|
|
session-startup-timeout
|
120 seconds (2 minutes)
|
Defines the timeout for the start of a remote session, in seconds. This timeout is the number of seconds before a session that has not started is closed. The timeout must be greater than the asset Ping rate.
|
|
gas.http-client.connect-timeout
|
600000
|
The number of milliseconds before the connection to the GAS times out. The Connector drops the connection.
|
|
gas.http-client.request-timeout
|
100000
|
The number of milliseconds before a request to the GAS times out.
|
|
gas.http-client.ssl.enabled
|
false
|
Whether SSL/TLS is enabled for the connection between the Connector and the GAS.
|
|
gas.http-client.ssl.verify-host
|
false
|
Whether to verify the hostname used to connect to the GAS against the hostname presented in the server certificate.
|
|
gas.http-client.ssl.trust-all-certificates
|
false
|
Whether all server certificates should be trusted.
|
|
gas.http-client.ssl.trust-store.file
|
The name of the trust store file, in .jks format. If trust-all-certificates is false, then a client trust store must be configured and should contain the certificates of the server that the cliewnt trusts.
|
|
|
gas.http-client.trust-store.password
|
The password for the trust store.
|
|
|
gas.http-client.ssl.key-store.file
|
The name of the key-store file (.jks format). If GAS requires client authentication, the client must present its own certificate to the server when connecting.
|
|
|
gas.http-client.key-store.password
|
The password for the key-store file.
|
|
|
gas.http-client.ssl.additional-cipher-suites
|
By default the TLS configuration will use the cipher suites of the JVM.
|
The list of additional cipher suites to enable for the TLS configuration. For example:
additional-cipher-suites = [ "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256" ] |
|
gas.http-client.ssl.certificate-revocation-list-files
|
The list of files that specify the X.509 certificate revocation list. Trust can be configured to use a certificate revocation list (CRL) for revoked certificates that should no longer be trusted. For example:
certificate-revocation-list-files = [ "/some/path/to/crl.pem" ] |