This documentation is for WSO2 IoT Server 3.0.0. View the documentation for the latest release.
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Configuring WSO2 IoT Server with the IP for iOS - IoT Server 3.0.0 - WSO2 Documentation
IoT Server 3.0.0
Expand all   Collapse all
                                                                                                                                                                                                                                                                                                                                                                                                 
||
Skip to end of metadata
Go to start of metadata

If you are in a production environment, make sure to have the following ports open:

  • 5223 - TCP port used by devices to communicate to APNs servers
  • 2195 - TCP port used to send notifications to APNs
  • 2196 - TCP port  used by the APNs feedback service
  • 443 - TCP port used as a fallback on Wi-Fi, only when devices are unable to communicate to APNs on port 5223
    The APNs servers use load balancing. The devices will not always connect to the same public IP address for notifications. The entire 17.0.0.0/8 address block is assigned to Apple, so it is best to allow this range in the firewall settings. 
  • 10397 - Thrift client and server ports
  • 8280, 8243 - NIO/PT transport ports

Follow the steps given below to configure the ports in WSO2 IoTS to enable the iOS agent to communicate with the IoT server.

  1. Configure the following fields that are in the <IoT_HOME>/core/repository/conf/api-manager.xml file to enable communication with the WSO2 API Manager.

    • Configure the <serverURL> field that is under the <APIKeyValidator> tag by replacing ${carbon.local.ip} with the hostname or public IP of the production environment.
      Example:

      <ServerURL>https://10.10.10.182:${mgt.transport.https.port}${carbon.context}/services/</ServerURL>

    • Configure the <RevokeAPIURL> field by replacing ${carbon.local.ip} with the hostname or public IP of the production environment.
      Example:

      <RevokeAPIURL>https://10.10.10.182:${https.nio.port}/revoke</RevokeAPIURL>

  2. Configure WSO2 IoT Server with the IP:

    1. Replace the default certificate with a new self-signed certificate, and import it to the client-truststore.jks by following the steps below:

      1. Navigate to <IoT_HOME>/core/repository/resources/security via command prompt.

      2. Delete the existing wso2carbon.jks certificate file.

        keytool -delete -alias wso2carbon -keystore wso2carbon.jks

      3. Create a new wso2carbon.jks certificate file.

        keytool -genkey -alias wso2carbon -keyalg RSA -keysize 2048 -keystore wso2carbon.jks

        Setup the hostname by providing the following certificate attributes for the newly created wso2carbon.jks certificate file when prompted:

        • Common Name (CN)

        • Organizational Unit (OU)
        • Organization (O)
        • Locality (L)
        • StateofProvince Name (S)

        • Country Name (C)

        Single command to create the certificate and set certificate attributes 
        keytool -genkey -alias wso2carbon -keyalg RSA -keysize 2048 -keystore wso2carbon.jks -dname "CN=wso2,OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon

      4. Replace the public key that is with the alias wso2carbon available in the client-trustore.jks file, with the public key of the newly generated certificate. The default public key used by all WSO2 IoT Server certificates is wso2carbon.

        keytool -delete -alias wso2carbon -keystore client-truststore.jks
keytool -export -alias wso2carbon -keystore wso2carbon.jks -file wso2carbon.pem
keytool -import -alias wso2carbon -file wso2carbon.pem -keystore client-truststore.jks -storepass wso2carbon

      5. Convert the.pem file associated with the newly created certificate into a readable.pem file.

        keytool -exportcert -keystore wso2carbon.jks -alias wso2carbon -file exportcert.pem
openssl x509 -inform der -in <<file name>> -out <<file name>>

        -in <<file name>>: This is the .pem file associated with the newly created certificate.

        -out <<file name>>: This is a preferred name to identify the .pem, which is used to view the certificate content.

        Example:

        keytool -exportcert -keystore wso2carbon.jks -alias wso2carbon -file exportcert.pem
openssl x509 -inform der -in exportcert.pem -out certificate.pem

      6. Open the readable.pem file at <IOT_HOME>/core/repository/conf/identity/identity-providers/iot_default.xml via the vi/vim editor, and copy the content.

        When copying the content please ensure to exclude the BEGIN CERTIFICATE and END CERTIFICATE.

      7. Navigate to the <IoT_HOME>/core/repository/conf/identity/identity-providers/iot_default.xml file and paste the content between the <Certificate> and </Certificate> tags.

    2. Next, copy the client-truststore.jks and wso2carbon.jks to Broker and Analytics profile locations mentioned below.

      1. Broker: <IoT_HOME>/broker/repository/resources/security/

      2. Analytics: <IoT_HOME>/analytics/repository/resources/security/

    3. Open the <IoT_HOME>/conf/carbon.xml file 

      1. If you configuring WSO2 IoT Server with the IP, comment out the <HostName> and <MgtHostName> attributes.

        <!--<HostName>localhost</HostName>-->
<!--<MgtHostName>localhost</MgtHostName>-->

      2. If you are configuring WSO2 IoT Server with the hostname, define the hostname as the value for the <HostName>and <MgtHostName> attributes.

        <HostName>{ENTER_THE_HOSTNAME}</HostName>
<MgtHostName>{ENTER_THE_HOSTNAME}</MgtHostName>

    4. Open the <IOTS_HOME>/core/bin/wso2server.sh file and configure the following properties by replacing localhost with the  <IoT_SERVER_IP/HOSTNAME>.

      -Diot.core.host="<IoT_SERVER_IP/HOSTNAME>" \
-Diot.keymanager.host="<IoT_SERVER_IP/HOSTNAME>" \
-Diot.gateway.host="<IoT_SERVER_IP/HOSTNAME>" \
    5. Open the <IOTS_HOME>/core/repository/conf/identity/sso-idp-config.xml file. Find and replace localhost with the <IoT_SERVER_IP/HOSTNAME>.

    6. Open the <IOTS_HOME>/core/repository/conf/app-manager.xml file, and configure the <IdentityProviderUrl> attribute under the <SSOConfiguration> by replacing localhost with the IoT Server IP.

      <!-- URL of the IDP use for SSO -->
<IdentityProviderUrl>https://<IoT_SERVER_IP/HOSTNAME>:${mgt.transport.https.port}/samlsso</IdentityProviderUrl>

    7. Open the <IOTS_HOME>/core/repository/conf/etc/webapp-publisher-config.xml file, and set true as the value for <EnabledUpdateApi> parameter.

      <!-- If it is true, the APIs of this instance will be updated when the webapps are redeployed -->
<EnabledUpdateApi>true</EnabledUpdateApi>

      If you have not started WSO2 IoT Server previously, you do not need this configuration. When the server starts for the first time, it updates the APIs and web apps with the new server IP.

      Make sure to configure this property back to false if you need to restart the server again after the configuring the IP.

      By enabling the update API property, the APIs and the respective web apps get updated when the server restarts. This takes some time. Therefore, if you need to restart the server many times after this configuration or when in a production environment, you need to revert back to the default setting.

    8. Open the <IOTS_HOME>/core /repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json file, and configure the following attributes:

      1. identityProviderUrl: Replace %iot.keymanager.host%:%iot.keymanager.https.port% with the IoT Server IP or hostname and port, which is 9443.

        "identityProviderUrl" : "https://<IoT_SERVER_IP/HOSTNAME>:9443/samlsso",

      2. acs: Replace %iot.keymanager.host%:%iot.keymanager.https.port% with the IoT Server IP or hostname and port, which is 9443.

        "acs": "https://<IoT_SERVER_IP/HOSTNAME>:9443/devicemgt/uuf/sso/acs",

    9. Open the <IOTS_HOME>/core/repository/deployment/server/jaggeryapps/api-store/site/conf/site.json file, and configure the identityProviderUrl attribute by replacing localhost with the IoT Server IP or hostname.

      "identityProviderURL" : "https://<IoT_SERVER_IP/HOSTNAME>:9443/samlsso",

    10. Open the <IOTS_HOME>/analytics/repository/deployment/server/jaggeryapps/portal/configs/designer.json file, and configure the identityProviderUrl,acs and host attributes by replacing localhost with the IoT Server IP, or hostname and the respective profiles port.

      "identityProviderURL": "https://<IoT_SERVER_IP>:9443/samlsso",
"acs": "https://<IoT_SERVER_IP/HOSTNAME>:9445/portal/acs",
"host":{"hostname":"<IoT_SERVER_IP/HOSTNAME>","port":"","protocol":""},

      The default port of the WSO2 IoT Server profiles are as follows:

      WSO2 IoT Server core profile9443
      WSO2 IoT Server analytics profile9445
      WSO2 IoT Server broker profile9446

      Therefore, the analytics portal needs to be assigned the 9445 port.

    11. Open the <IoT_HOME>/analytics/bin/wso2server.sh file and replace localhost with the hostname. Example:

      -Dmqtt.broker.host="wso2" \
-Diot.keymanager.host="wso2" \
-Diot.gateway.host="wso2" \

    12. Open the <IoT_HOME>/broker/repository/conf/broker.xmlfile and replace localhost with the hostname. Example:

      <property name="hostURL">https://wso2:9443/services/OAuth2TokenValidationService</property>
<property name="tokenEndpoint">https://wso2:8243</property>
<property name="deviceMgtServerUrl">https://wso2:8243</property>

    13. If you are using the hostname instead of the IP, open the <IOTS_HOME>/core/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json file and configure the host property.


      "host" : "<ENTER_THE_HOSTNAME>"

    14. Once you are done with the above steps, restart or start the message broker, IoT Server core, and the analytics profiles in the given order. For more information, see Starting the Server.

What's next?

Configuring WSO2 IoT Server to Install iOS Applications.

  • No labels
||