OHI Agent to OHI Gateway - SSL Secured Connection Prerequisite

The OHI Agent connects to the OHI Gateway using the following protocols:

  • HTTP: for accessing the OHI Gateway’s REST API;

  • WebSockets: to receive signals from the OHI Gateway that trigger actions by the OHI Agent.

Both connections must be secured: HTTP by using HTTPS, and WebSocket by using WSS. This part of the document describes how to do that.

Configuring Truststores

It is assumed that the OHI Gateway is set up to accept HTTPS traffic only and that the OHI Gateway’s certificate was imported into a truststore (a keystore that stores certificates of trusted entities) for use with the OHI Agent.

Currently, the OHI Agent supports one-way SSL for connecting to the OHI Gateway, i.e. the OHI Gateway must be configured to use one-way SSL.

As a Java application, the OHI Agent would set up its internal trust manager from the truststore named by the default "javax.net.ssl.trustStore" system property. Because the OHI Agent likely communicates with multiple services, relying on the single truststore file that this property points to may not have the desired effect. For example, if that truststore does not contain an entry for one of the services the OHI Agent connects to, the connection can fail with an "unable to find valid certification path to requested target" exception. Therefore, the OHI Agent allows a truststore to be configured on a per use case basis. Note that these settings are used to secure both the HTTPS and the WSS connections.
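The following added example (not OHI Agent code) shows, in plain Java 11+, what a per use case truststore means in practice: an SSLContext built from one truststore file and attached to one client, leaving the JVM-wide "javax.net.ssl.trustStore" untouched. The class name, the GATEWAY_TRUSTSTORE_PASSWORD environment variable and the command-line arguments are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class GatewayTrustExample {

    /** Builds an SSLContext that trusts only the entries of the given truststore file. */
    static SSLContext contextFor(Path trustStore, char[] password, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            // Fail early instead of at the first handshake.
            throw new IllegalStateException("truststore has no entries: " + trustStore);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: with one-way SSL the client presents no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("GATEWAY_TRUSTSTORE_PASSWORD"); // hypothetical variable name
        if (args.length != 2 || pw == null) {
            System.err.println("usage: GatewayTrustExample <truststore.p12> <https-url>");
            System.exit(2);
        }
        SSLContext gatewayCtx = contextFor(Path.of(args[0]), pw.toCharArray(), "PKCS12");
        // This client alone uses the gateway truststore; other connections in the
        // same JVM keep whatever trust configuration they already have.
        HttpClient client = HttpClient.newBuilder().sslContext(gatewayCtx).build();
        HttpResponse<Void> resp = client.send(
                HttpRequest.newBuilder(URI.create(args[1])).GET().build(),
                HttpResponse.BodyHandlers.discarding());
        System.out.println("HTTPS status: " + resp.statusCode());
        // A WebSocket opened with client.newWebSocketBuilder() reuses the same
        // SSLContext, so HTTPS and WSS share one trust decision.
    }
}
```

If the truststore passed in does not contain the server's certificate or its issuer, the `send` call fails with the same "unable to find valid certification path to requested target" error described above.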