Hi,

Step-by-step instructions.

0. For the context of this post, delete the PKI directories of both before starting (or unzip the SDK package to a clean folder).
1. Start the SampleConsoleServer, wait it for to start before continuing to 2.
2. Start the SampleConsoleClient, enter the uri or just press enter (by default it then tries to connect to sampleconsoleserver)
3. Select ‘s’ or ‘e’ in the security mode selection
4. You will get a promt in the clientside console, accept the cert permanently with ‘A’
5. At this point the connection will fail, as the server side is not yet trusting the client side cert. Keep the client window open
6. Navigate to sampleconsoleserver/PKI/CA/rejected, you should see a single file, and the name has characters 0-9A-F. If you open this in a certificate viewing too, you should see the cert as the sampleconsoleclient’s. Move this to the sampleconsoleserver/PKI/CA/certs, so that the rejected folder is empty and the certs has the file. All this while the server is running.
7. Back in the client console, try connecting again by selecting ‘1’ (type 1 and press enter), it should now connect.
8+ subsequent connections will do not require these steps (as long as both have eachothers certificates in eachothers ‘certs’ directories).

NOTES! sections 4 and 6 typically require some tought in a real use-case. Alternatively you can move the files directly from PKI/CA/private/*.der (not the .pem, as those are private keys and are private to the application in question) to the other’s ‘certs’. Note that if you do that after a cert is rejected (i.e. situation of 6. exists), it might exist in multiple places, which case the connection might be rejected, even if one of them is in the ‘certs’. Please see the samples for more info, as this is the basic scenario.

Hi,

Please read the tutorials found in the ‘tutorial’ folder of the SDK package and see the samples.