Clustering the iOS Server
- Former user (Deleted)
Let's take a look at the steps you need to follow to cluster WSO2 IoT Server with iOS. This section is not required if you don't want to enroll and manage iOS devices.
Before you begin
Make sure to install the iOS features.
Follow the steps given below:
Run the following scripts in the given order to create the CA, RA and SSL certificates.
Make sure to create the
outputfolder and use the NGINX private key (iots310_wso2_com.key) as the CA.NOTE: Run the scripts only on one server and copy them to the other servers.
SSL_PASS="wso2carbon" CA_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN=*.iots310.wso2.com/EMAILADDRESS=noreply@wso2.com" RA_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN=iots310.wso2.com/EMAILADDRESS=noreply@wso2.com" SSL_SUBJ="/C=SL/ST=Western/L=Colombo/O=WSO2/OU=CDM/CN="$1 ------------------------------------------------------------------------------------------ echo "Generating CA" openssl req -new -key ./output/iots310_wso2_com.key -out ./output/ca.csr -subj $CA_SUBJ openssl x509 -req -days 365 -in ./output/ca.csr -signkey ./output/iots310_wso2_com.key -out ./output/ca.crt -extensions v3_ca -extfile ./needed_files/openssl.cnf openssl rsa -in ./output/iots310_wso2_com.key -text > ./output/ca_private.pem openssl x509 -in ./output/ca.crt -out ./output/ca_cert.pem ------------------------------------------------------------------------------------------ echo "Generating RA" openssl genrsa -out ./output/ra_private.key 4096 openssl req -new -key ./output/ra_private.key -out ./output/ra.csr -subj $RA_SUBJ openssl x509 -req -days 365 -in ./output/ra.csr -CA ./output/ca.crt -CAkey ./output/iots310_wso2_com.key -set_serial 12132121241241 -out ./output/ra.crt -extensions v3_req -extfile ./needed_files/openssl.cnf openssl rsa -in ./output/ra_private.key -text > ./output/ra_private.pem openssl x509 -in ./output/ra.crt -out ./output/ra_cert.pem echo "Generating SSL" openssl genrsa -out ./output/ia.key 4096 openssl req -new -key ./output/ia.key -out ./output/ia.csr -subj $SSL_SUBJ openssl x509 -req -days 730 -in ./output/ia.csr -CA ./output/ca_cert.pem -CAkey ./output/ca_private.pem -set_serial 34467867966445 -out ./output/ia.crt ------------------------------------------------------------------------------------------ echo "Export to PKCS12" openssl pkcs12 -export -out ./output/KEYSTORE.p12 -inkey ./output/ia.key -in ./output/ia.crt -CAfile ./output/ca_cert.pem -name "ioscluster" -password pass:$SSL_PASS openssl pkcs12 -export -out ./output/ca.p12 -inkey ./output/ca_private.pem -in ./output/ca_cert.pem -name "cacert" -password pass:$SSL_PASS openssl pkcs12 -export -out ./output/ra.p12 -inkey ./output/ra_private.pem -in ./output/ra_cert.pem -chain -CAfile ./output/ca_cert.pem -name "racert" -password pass:$SSL_PASS ------------------------------------------------------------------------------------------ echo "Export PKCS12 to JKS" keytool -importkeystore -srckeystore ./output/KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2carbon.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt keytool -importkeystore -srckeystore ./output/KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore ./output/client-truststore.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt keytool -importkeystore -srckeystore ./output/ca.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2certs.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt keytool -importkeystore -srckeystore ./output/ra.p12 -srcstoretype PKCS12 -destkeystore ./output/wso2certs.jks -deststorepass wso2carbon -srcstorepass wso2carbon -noprompt
Configure the
<IOTS_HOME>/conf/iot-api-config.xmlfile in the manager node as shown below:<VerificationEndpoint>https://iots310.wso2.com/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint> <DynamicClientRegistrationEndpoint>https://keymgt.iots310.wso2.com/client-registration/v0.11/register</DynamicClientRegistrationEndpoint> <OauthTokenEndpoint>https://gateway.iots310.wso2.com/token</OauthTokenEndpoint>
Configure the
<IOTS _HOME>/conf/certificate-config.xmlfile as shown below:Âwso2carbonwas used as the password when generating the CA and RA certificates using the scripts given in step 1. If you used a different password, make sure to update the properties given below accordingly.<CAPrivateKeyPassword>wso2carbon</CAPrivateKeyPassword> <RAPrivateKeyPassword>wso2carbon</RAPrivateKeyPassword>
Disable the task server in the
<IOTS_HOME>/repository/deployment/server/devicetypes/ios.xml file on the worker node.<TaskConfiguration> <Enable>false</Enable> ...... </TaskConfiguration>Configure the following properties in the
<IOTS_HOME>/repository/deployment/server/jaggeryapps/ios-web-agent/app/conf/config.jsonfile as shown below."httpsURL": "https://mgt.iots310.wso2.com", "httpURL": "http://mgt.iots310.wso2.com", "tokenServiceURL": "https://gateway.iots310.wso2.com/token" "location": "https://mgt.iots310.wso2.com/ios-web-agent/public/mdm.page.enrollments.ios.download-agent/asset/ios-agent.ipa",
- Start the manager node, Sign in to the device management console, and navigate to the platform configurations section to configure the iOS configurations.
- Make use you have the MDM certificate and the MDM APNS certificate before you configure the iOS configurations. For more information, see Generating Certificates from the Apple Developer Portal.
- Configure the iOS platform settings. For more information, see iOS Platform Configurations.
What's next?
You can now start enrolling iOS devices with WSO2 IoT Server.
https://mgt.iots310.wso2.com/ios-web-agent/enrollment