ThingWorx Edge Java SDK > Setting Up SSL/TLS Certifcates
  
Setting Up SSL/TLS Certifcates
To secure the connection between a device running your client application and the ThingWorx platform, set up the SSL/TLS certificates for the client (your Edge SDK application) and the ThingWorx platform. The certificate of the server’s certificate Issuer must be stored in SSLCACert.pem in the directory, $JAVA_HOME/jre/lib/security.
If authentication of the client application at the server is required, store the client identity certificate and private key in SSLCert.pem and SSLPrivKey.pem, respectively.
To Use the OpenSSL Utility
Follow these steps:
1. Create a directory in which to store the OpenSSL files, called OpenSSL.exe (Windows).
2. Obtain the OpenSSL utility and its supporting libraries from a trusted source (for example, from the site, http://www.openssl.org/), and store the files in your OpenSSL directory.
To Generate a Certificate and Private Key Using the Java keytool Utility
These steps assume a Windows computer and an installation of the Java Development Kit:
1. Open a Command prompt, and change to the OpenSSL directory.
2. Run make-keystore.bat from the command line in the format:
make-keystore.bat hostname
3. Answer the following questions:
a. What is your first and last name? [Unknown]: [use the host name] Note that this name must match the name used by your client application. That is, if your client connects using https://myserver:443, this value must be myserver.
b. What is the name of your organizational unit? [Unknown]: QA
c. What is the name of your organization? [Unknown]: Acme
d. What is the name of your City or Locality? [Unknown]: Sprlngfield
e. What is the name of your State or Province? [Unknown]: MA
f. What is the two-letter country code for this unit? [Unknown]: US
g. Is CN=hostname, OU=QA, O=Acme, L=Springfield, ST=MA, C=US correct? [no]: yes
4. When prompted for passwords, use the host name or some other easily identifiable name.
5. When prompted for the private key password, type the passphrase for your CA private key.pem.
6. You will now find a file named hostname.jks in your c:\OpenSSL folder. Copy this file to the ThingWorx platform and store it in the directory, $JAVA_HOME/jre/lib/security.
7. In your client code, specify the location of this trust store:, as follows:
System.setProperty("javax.net.ssl.trustStore", "/Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/
Contents/Home/jre/lib/security/root_store")
8. Also in your client code, set the password for the trust store, as follows:
System.setProperty("javax.net.ssl.trustStorePassword", "thingworx")
* 
While developing an application, turn on debugging to see all the messages exchanged during an SSL/TLS handshake, using a line similar to the following:
System.setProperty("javax.net.debug", "ssl,keymanager");