Configure Trust for a ThingWorx Certificate

In some cases, the Experience Service must be configured to trust the certificate that is used by the associated ThingWorx server. The steps required to properly configure the Experience Service depend on the type of CA that issued the ThingWorx certificate. Determine which of the following scenarios applies to your situation and then follow the instructions for that scenario:

Scenario

Instructions

Root CA is a well-known public CA.

No additional configuration is required since the CA is already trusted by the Experience Service.

Root CA is a private organization CA.

To configure the Experience Service to trust the private root CA,:

1. Set the NODE_EXTRA_CA_CERTS environment variable equal to the path to the certificate for the private organization certificate authority. For example, C:\Certificates\<cert_file>.pem.

When using the NODE_EXTRA_CA_CERTS variable, the referenced files must be PEM encoded.

2. Restart the Experience Service.

The certificate is self-signed.

To configure the Experience Service to trust the certificate, do one of the following:

• Set the NODE_EXTRA_CA_CERTS environment variable equal to the path to the self-signed certificate. For example, C:\Certificates\<cert_file>.pem.

Then, restart the Experience Service.

When using the NODE_EXTRA_CA_CERTS variable, the referenced files must be PEM encoded.

• Make the following configuration changes:

◦ Set the proxies.0.secure configuration parameter equal to false.

◦ Set the websocketProxies.0.secure configuration parameter equal to false.

◦ When starting the Experience Service, specify the --allowssc option on the command line.