Versions Compared

Version Old Version 1 New Version 2
Changes made by

Nick Judson

Nick Judson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The recommended approach is to create a unique self-signed certificate for each distinct API client. See https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate for information on creating self-signed certificates in Windows.

...

Once you have created a client certificate, run the Powershell command, you will find the new certificate in your Personal folder of the Local machine store.

...

Export this certificate to a file using the default export settings (do not include the private key). Copy this file over to the gateway host and install it into the “Trusted People” folder store of the Gateway Host. Note that you must be using the Local Computer Certificates store Local Computer. This can be achieved by right clicking the certificate file (on the gateway host) and choosing the “install certificate” option.

...

Choose the Local Machine store. Then select the ‘Trusted People’ store as the target.

...

You have now completed the requirements for the client API to create a tunnel with the API service. Verify that the certificate installed correctly on the Gateway host by looking in the ‘Trusted People’ store.

...

Deleting an API client certificate from this store will revoke access to the gateway API.

Next, reference the C# client library (Connexion.Gateway.Api.dll, both framework and core assemblies are available) and create a proxy to the gateway. You will need the System.ServiceModel.Primitives and System.ServiceModel.Http packages if you’re targeting .NET core.

Code Block
languagec#
using System.Security.Cryptography.X509Certificates;
using Connexion.Gateway.Api;

namespace GatewayApiClientTest
{
    class Program
    {
        static void Main(string[] args)
        {
            // load the certificate to pass to the gateway api
            var certificate = new X509Certificate2(@"c:\gatewayClient\NickLaptop.cer");

            // create a proxy to the GW
            using (var proxy = GatewayApiProxy.CreateProxy("192.168.3.19", 8085, certificate))
            {
                // test the connection
                proxy.ServiceMethods.Ping();
            }
        }
    }
}

At this point, you can now make API calls to create and modify non-authorized remote agents. In the future, we may enable specific updates to authorized remote agents.