The Remote Access Client (RAC) uses TLS by default to create secure connections to Global Access Server (GAS) and the ThingWorx platform. In RAC 2.5.0 or later, you can use a self-signed or a private certificate for the connection between RAC and GAS. To connect to a GAS instance that uses SSL, you must generate a certificate and add it to the Java truststore of the ThingWorx server. If you are using an SSL certificate from a trusted certificate authority, the required certificate is already added to truststore when Java is installed.

The following certificate formats are supported by RAC:

To use a self-signed certificate with RAC, add the certificate file to the tw-ra-client/certificates/ folder. The following is the location of the folder for the following operating systems:

Any certificates within subfolders are not scanned. To use certificates from a custom location, add the certs_directory property to the RAC config.json file as follows:

For more information about the available JSON properties, see Configuring RAC Using a JSON File.

By default, the Java truststore is named cacerts and is located in the \lib\security folder of the Java home directory. The file contains all trusted CA certificates on the current system. You can configure and manage the file using the Java keytool utility. The initial password for the cacerts file is changeit.

Before importing the certificate, make sure you have the Java keytool utility in your environment path. Then, run the following command in a terminal to import the self-signed CA into the truststore: