Let's take a look at the steps you need to follow to cluster WSO2 IoT Server with iOS. This section is not required if you don't want to enroll and manage iOS devices.

Before you begin

Follow the steps given below:

  1. Run the following scripts in the given order to create the CA, RA and SSL certificates.

    Make sure to create the output folder first. The scripts use the NGINX private key (./output/iots310_wso2_com.key) as the CA private key.

    NOTE: Run the scripts only on one server and copy them to the other servers.

    SSL_PASS="wso2carbon"
    CA_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN=*.iots310.wso2.com/[email protected]"
    RA_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN=iots310.wso2.com/[email protected]"
    # $1 is the host name to use as the CN of the SSL certificate.
    SSL_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN=$1"
    
    # ------------------------------------------------------------------------------------------
    echo "Generating CA"
    openssl req -new -key ./output/iots310_wso2_com.key -out ./output/ca.csr -subj "$CA_SUBJ"
    openssl x509 -req -days 365 -in ./output/ca.csr -signkey ./output/iots310_wso2_com.key -out ./output/ca.crt -extensions v3_ca -extfile ./needed_files/openssl.cnf
    openssl rsa -in ./output/iots310_wso2_com.key -text > ./output/ca_private.pem
    openssl x509 -in ./output/ca.crt -out ./output/ca_cert.pem
    
    # ------------------------------------------------------------------------------------------
    echo "Generating RA"
    openssl genrsa -out ./output/ra_private.key 4096
    openssl req -new -key ./output/ra_private.key -out ./output/ra.csr -subj "$RA_SUBJ"
    openssl x509 -req -days 365 -in ./output/ra.csr -CA ./output/ca.crt -CAkey ./output/iots310_wso2_com.key -set_serial 12132121241241 -out ./output/ra.crt -extensions v3_req -extfile ./needed_files/openssl.cnf
    openssl rsa -in ./output/ra_private.key -text > ./output/ra_private.pem
    openssl x509 -in ./output/ra.crt -out ./output/ra_cert.pem
    
    echo "Generating SSL"
    openssl genrsa -out ./output/ia.key 4096
    openssl req -new -key ./output/ia.key -out ./output/ia.csr -subj "$SSL_SUBJ"
    openssl x509 -req -days 730 -in ./output/ia.csr -CA ./output/ca_cert.pem -CAkey ./output/ca_private.pem -set_serial 34467867966445 -out ./output/ia.crt
    
    # ------------------------------------------------------------------------------------------
    echo "Export to PKCS12"
    openssl pkcs12 -export -out ./output/KEYSTORE.p12 -inkey ./output/ia.key -in ./output/ia.crt -CAfile ./output/ca_cert.pem -name "ioscluster" -password pass:$SSL_PASS
    openssl pkcs12 -export -out ./output/ca.p12 -inkey ./output/ca_private.pem -in ./output/ca_cert.pem -name "cacert" -password pass:$SSL_PASS
    openssl pkcs12 -export -out ./output/ra.p12 -inkey ./output/ra_private.pem -in ./output/ra_cert.pem -chain -CAfile ./output/ca_cert.pem -name "racert" -password pass:$SSL_PASS
    
    # ------------------------------------------------------------------------------------------
    echo "Export PKCS12 to JKS"
    # The source password is the one used for the PKCS12 exports above ($SSL_PASS).
    keytool -importkeystore -srckeystore ./output/KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2carbon.jks -deststorepass wso2carbon -srcstorepass "$SSL_PASS" -noprompt
    keytool -importkeystore -srckeystore ./output/KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ./output/client-truststore.jks -deststorepass wso2carbon -srcstorepass "$SSL_PASS" -noprompt
    keytool -importkeystore -srckeystore ./output/ca.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2certs.jks -deststorepass wso2carbon -srcstorepass "$SSL_PASS" -noprompt
    keytool -importkeystore -srckeystore ./output/ra.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2certs.jks -deststorepass wso2carbon -srcstorepass "$SSL_PASS" -noprompt
  2. Configure the <IOTS_HOME>/conf/iot-api-config.xml file in the manager node as shown below:

    <VerificationEndpoint>https://iots310.wso2.com/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
    <DynamicClientRegistrationEndpoint>https://keymgt.iots310.wso2.com/client-registration/v0.11/register</DynamicClientRegistrationEndpoint>
    <OauthTokenEndpoint>https://gateway.iots310.wso2.com/token</OauthTokenEndpoint>
  3. Configure the <IOTS_HOME>/conf/certificate-config.xml file as shown below:

    wso2carbon was used as the password when generating the CA and RA certificates using the scripts given in step 1. If you used a different password, make sure to update the properties given below accordingly.

    <CAPrivateKeyPassword>wso2carbon</CAPrivateKeyPassword>
    <RAPrivateKeyPassword>wso2carbon</RAPrivateKeyPassword>
  4. Disable the task server in the <IOTS_HOME>/repository/deployment/server/devicetypes/ios.xml file on the worker node.

    <TaskConfiguration>
        <Enable>false</Enable>
        ......
    </TaskConfiguration>
  5. Configure the following properties in the <IOTS_HOME>/repository/deployment/server/jaggeryapps/ios-web-agent/app/conf/config.json file as shown below.

    "httpsURL": "https://mgt.iots310.wso2.com",
    "httpURL": "http://mgt.iots310.wso2.com",
    "tokenServiceURL": "https://gateway.iots310.wso2.com/token",
    "location": "https://mgt.iots310.wso2.com/ios-web-agent/public/mdm.page.enrollments.ios.download-agent/asset/ios-agent.ipa",
  6. Start the manager node, sign in to the device management console, and navigate to the platform configurations section to configure the iOS configurations.
    1. Make sure you have the MDM certificate and the MDM APNS certificate before you configure the iOS configurations. For more information, see Generating Certificates from the Apple Developer Portal.
    2. Configure the iOS platform settings. For more information, see iOS Platform Configurations.
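
The following added example (not part of the WSO2 documentation) checks the files that the step 1 scripts write to ./output before you copy them to the other servers: each private key matches its certificate, the RA and SSL certificates chain to the CA, and no certificate expires within a chosen number of days. The file names are the ones used in step 1; the function names and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example, not WSO2 code. File names are the ones step 1 writes to ./output;
# the function names and the 30-day default are assumptions.

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# True when certificate $2 verifies against CA certificate $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when certificate $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_output DIR [MIN_DAYS]: print each failed check, return the number of failures.
check_output() {
    d=$1 min_days=${2:-30} fails=0
    for pair in ca_private.pem:ca_cert.pem ra_private.pem:ra_cert.pem ia.key:ia.crt; do
        key=${pair%%:*} crt=${pair##*:}
        key_matches_cert "$d/$key" "$d/$crt" ||
            { echo "FAIL: $key does not match $crt"; fails=$((fails + 1)); }
    done
    for crt in ra_cert.pem ia.crt; do
        signed_by "$d/ca_cert.pem" "$d/$crt" ||
            { echo "FAIL: $crt does not chain to ca_cert.pem"; fails=$((fails + 1)); }
    done
    for crt in ca_cert.pem ra_cert.pem ia.crt; do
        valid_for_days "$d/$crt" "$min_days" ||
            { echo "FAIL: $crt expires within $min_days days"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Example: sh check_output.sh ./output 30
[ "$#" -eq 0 ] || check_output "$@"
```

Because step 1 issues the CA certificate for 365 days and the SSL certificate for 730 days, running the check with a larger MIN_DAYS value shows which certificate will need renewing first.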

What's next?

You can now start enrolling iOS devices with WSO2 IoT Server.

Use the following URL when enrolling iOS devices: https://mgt.iots310.wso2.com/ios-web-agent/enrollment