Certificate Handling for Instance Registration
The registration of a ThingWorx instance with Solution Central requires a certificate. After a successful registration, your instance can interact with the Solution Central portal.
To set up your certificate, follow the steps listed in this topic.
 |
If you have previously registered your ThingWorx instance and only want to update the certificate, skip to the Update Your Existing Certificate topic.
|
1. Create a self-signed certificate or use an existing valid certificate. You can use tools, such as OpenSSL or KeyStore Explorer, to create and manage the certificate.
a. To create a self-signed certificate using OpenSSL, run the following command:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 720 -out certificate.pem
b. Enter the following information, which is incorporated in your certificate request. Some fields have a default value. Some fields can be left blank. Enter “.” to leave the field blank.
"Country Name": "<Two-letter code for your country>"
"State or Province Name": "<Full name of your state or province>"
"Locality Name": "<Your locality or city name>"
"Organization Name": "<Name of your company>"
"Organizational Unit Name": "<Company section you work with>"
"Common Name": "<Your name or your server's hostname>"
"Email Address": "<Your email address>"
"State or Province Name": "<Full name of your state or province>"
"Locality Name": "<Your locality or city name>"
"Organization Name": "<Name of your company>"
"Organizational Unit Name": "<Company section you work with>"
"Common Name": "<Your name or your server's hostname>"
"Email Address": "<Your email address>"
This generates the following files:
◦ certificate.pem — the certificate
◦ key.pem — the private key associated with the certificate
2. Create the PKCS12 keystore.
|
|
If you are using KeyStore Explorer to create the keystore and keypair, make sure that their passwords match.
|
a. Run the following command:
openssl pkcs12 -export -in certificate.pem -inkey key.pem -out sc-keystore -name solution-central.certificate
"Enter Export Password": "<Enter password for the export>"
"Verifying - Enter Export Password": "<Re-enter password for the export>"
"Verifying - Enter Export Password": "<Re-enter password for the export>"
This generates the sc-keystore file.
b. Place this newly created sc-keystore file under the $TWX_HOME/ThingworxPlatform directory.
|
|
For ThingWorx High Availability, place this sc-keystore file in the $TWX_HOME/ThingworxPlatform directory, and make sure all nodes refer to the same file from the same shared location. While updating the Solution Central configuration, ensure that the platform-settings.json file references this path in the KeyStorePath field.
|
c. Provide the keystore name without the file extension. For instance, C:/ThingworxPlatform/sc-keystore. Ensure that you have the keystore password available as it needs to be configured in the ThingWorx platform-settings.json file.
3. Modify the platform-settings.json file to configure the keystore and password as described in the platform-settings.json Configuration Details for Solution Central topic.
|
|
If you want to encrypt the password, set the KeyStorePass value to encrypt.sc.password. Refer to Encrypting Passwords for details on encrypting the sc-keystore password and using ThingWorx Platform’s encryption capabilities.
|
4. With these settings and configuration in place, you are ready to register your ThingWorx instance with Solution Central. Refer to the Register Your Instance with Solution Central topic for instructions on registration.