Eclipse Community Forums
Use TLS for IN-CSE and MN-CSE communication [message #1791561] Mon, 02 July 2018 14:12
Yorick Brunet
Hello,

I'm trying to use TLS to access the in-cse webpage but also to secure the communication between in-cse and mn-cse.

To do so, I read https://www.eclipse.org/jetty/documentation/current/index.html, generated two certificates using keytool (keybase for in-cse, keybase2 for mn-cse, but both using 127.0.0.1).
I configured the in-cse as follows (default OM2M configuration is kept for the rest of the configuration):

org.eclipse.equinox.http.jetty.http.enabled=true
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=8443
org.eclipse.equinox.http.jetty.ssl.password=om2mpw
org.eclipse.equinox.http.jetty.ssl.keypassword=om2mpw
org.eclipse.equinox.http.jetty.ssl.keystore=/home/ybt/keystore
org.eclipse.equinox.http.jetty.ssl.protocol=TLS

and the mn-cse as follows:

org.eclipse.equinox.http.jetty.http.enabled=true
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=8444
org.eclipse.equinox.http.jetty.ssl.password=om2mpw
org.eclipse.equinox.http.jetty.ssl.keypassword=om2mpw
org.eclipse.equinox.http.jetty.ssl.keystore=/home/ybt/keystore2
org.eclipse.equinox.http.jetty.ssl.protocol=TLS

cseBaseProtocol.default is still "http".

I can successfully access https://127.0.0.1:8443/webpage/welcome/index.html?context=/~&cseId=in-cse (after having accepted the certificate) and I can access mn-cse with the button in link "in-cse -> mn-cse".

I then modified the configurations (in-cse and mn-cse were stopped and restarted to take the new configuration into account) as follows:

in-cse:

org.eclipse.om2m.cseBaseProtocol.default=https #http

mn-cse:

org.eclipse.om2m.remoteCsePort=8443 #8080
org.eclipse.om2m.cseBaseProtocol.default=https #http

However, in this case, the communication between in-cse and mn-cse does not work.
When starting, mn-cse writes the following log:

Starting CSE...
[INFO] - org.eclipse.om2m.core.Activator
Added Data Mapper Service: application/xml
[INFO] - org.eclipse.om2m.core.Activator
Added Data Mapper Service: application/json
[INFO] - org.eclipse.om2m.core.Activator
Rest client service discovered. Protocol: http
[INFO] - org.eclipse.om2m.webapp.resourcesbrowser.json.Activator
HttpService discovered
[INFO] - org.eclipse.om2m.webapp.resourcesbrowser.json.Activator
Register /webpage http context
osgi> [INFO] - org.eclipse.om2m.persistence.eclipselink.internal.DBServiceJPAImpl
DataBase initialized.
[INFO] - org.eclipse.om2m.persistence.eclipselink.Activator
Registering Database (JPA-EL) Service
[INFO] - org.eclipse.om2m.core.Activator
DataBase persistence service discovered

but does not continue with the normal startup as with "cseBaseProtocol.default=http", which is:

[INFO] - org.eclipse.om2m.core.thread.CoreExecutor
Creating thread pool with corePoolSize=5 & maximumSize=50
[INFO] - org.eclipse.om2m.core.CSEInitializer
Initializating the cseBase
[INFO] - org.eclipse.om2m.core.CSEInitializer
cseBase already initialized
[INFO] - org.eclipse.om2m.core.Activator
Registering CseService...
[INFO] - org.eclipse.om2m.binding.http.Activator
CseService discovered
[INFO] - org.eclipse.om2m.core.Activator
CSE Started

Using 127.0.0.1 for in-cse and mn-cse is certainly not optimal, but I don't think that the issue comes from here.
Do you have any idea why both CSEs do not communicate? Of course, certificates are self-signed, thus they cannot check the certificate of the other.

Do you have any advice on how to proceed? How can I secure an OM2M deployment from the App connected to the MN-CSE to the App connected to the IN-CSE?

Thank you.

Yorick
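
A check one could run over the mn-cse settings and startup log quoted in the post, as an added example that is not part of the original post or of OM2M's own code. It assumes the settings are read with java.util.Properties rules, where `#` starts a comment only at the beginning of a line, and that the CSE needs a REST client for the configured protocol; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed sample input, copied from the settings and log lines quoted in the post.
MN_CONFIG = """\
org.eclipse.equinox.http.jetty.https.enabled=true
org.eclipse.equinox.http.jetty.https.port=8444
org.eclipse.om2m.remoteCsePort=8443 #8080
org.eclipse.om2m.cseBaseProtocol.default=https #http
"""
MN_LOG = """\
[INFO] - org.eclipse.om2m.core.Activator
Rest client service discovered. Protocol: http
[INFO] - org.eclipse.om2m.core.Activator
DataBase persistence service discovered
"""
PROTOCOL_KEY = "org.eclipse.om2m.cseBaseProtocol.default"

def parse_properties(text):
    """Simplified java.util.Properties rules: '#' or '!' starts a comment only
    as the first non-blank character of a line; everything after '=' is value.
    Line continuations and escapes are not handled."""
    props = {}
    for line in text.splitlines():
        stripped = line.lstrip()
        if not stripped or stripped[0] in "#!":
            continue
        key, _, value = stripped.partition("=")
        props[key.strip()] = value.lstrip()
    return props

def announced_protocols(log):
    """Protocols named in 'Rest client service discovered' log lines."""
    return set(re.findall(r"Rest client service discovered\. Protocol: (\S+)", log))

def check(config_text, log_text):
    findings = []
    props = parse_properties(config_text)
    for key, value in props.items():
        if re.search(r"\s[#!]", value):
            findings.append(f"{key}: inline comment is part of the value {value!r}")
    # Assumption: "http" is the default when the key is absent, as the post states.
    wanted = (props.get(PROTOCOL_KEY) or "http").split()[0]
    clients = announced_protocols(log_text)
    if wanted not in clients:
        findings.append(f"no REST client announced for {wanted!r}; log shows {sorted(clients)}")
    return findings

if __name__ == "__main__":
    for finding in check(MN_CONFIG, MN_LOG):
        print(finding)
```
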