Skip to main content
Skip table of contents

coap.properties

The file coap.properties contains configuration options for the CoAP proxy that may be used as part of the EST protocol.

To communicate with Protocol Gateway, the CoAP proxy will use TLS client authentication using the virtual registration officer configured in Protocol Gateway.

Some CoAP server settings related to DTLS (such as ports) are configured in Californium.properties, a file that will be created with default values the first time you start the proxy. 

Relative paths specified below are relative the <configroot>

About <configroot>

<configroot> corresponds to the following paths: 

Windows <configroot>
CODE 
%ALLUSERSPROFILE%/Nexus/cm-gateway/
Linux <configroot>
CODE 
/var/cm-gateway/

CoAPs Proxy parameters

These parameters in coap.properties are used to configure the Protocol Gateway CoAP Proxy. 

ParameterDescription
start

Controls if the EST-CoAPs proxy should start or not.

XML 
start = false
proxyPort

The Protocol Gateway port for client TLS authentication. I.e. the port where the proxy will forward the requests.

XML 
proxyPort = 8444
discoveryPath

The resource type "ace.est" will be set at the discoveryPath which will be returned when a client is doing a discovery. The resource types "ace.est.crts", "ace.est.sen", "ace.est.sren", "ace.est.att", "ace.est.skg", "ace.est.skc" will be set at the corresponding endpoints under the discoveryPath.

XML 
# discoveryPath = /.well-known/est/coap/
includeHandlers

This regular expression controls what handlers in est.properties that will be included for use in the CoAP proxy. The proxy will filter away unsupported endpoints automatically. 

This only needs to be changed if EST is multitenant and only some handlers in est.properties are meant for CoAP. The following example would only include handlers with a coap/ sub-path:

XML 
# includeHandlers = .*coap/.*

DTLS parameters

These parameters in coap.properties are used to configure the DTLS communication that is required for CoAPs. 

ParameterDescription
tlsToken

A PKCS#12 file containing the private key, certificate and full certificate chain for the DTLS server certificate.

XML 
tlsToken = myTlsToken.p12
tlsTokenPassword

The password for unlocking the PKCS#12 file. It is recommended to obfuscate sensitive data with .encrypted.

XML 
tlsTokenPassword.encrypted = 1234
cipherSuite

The cipher suites that the DTLS endpoint should support.

XML 
cipherSuite.0 = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#cipherSuite.1 = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#cipherSuite.2 = TLS_NULL_WITH_NULL_NULL
#cipherSuite.3 = TLS_PSK_WITH_AES_128_CBC_SHA256
#cipherSuite.4 = TLS_PSK_WITH_AES_128_CCM_8
trustAll

Enable trust all policy for the DTLS.

XML 
# trustAll = false
retransmissionTimeout

Sets the (starting) time to wait before a handshake package gets retransmitted. On each retransmission, the time is doubled.

XML 
# retransmissionTimeout = 1000
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close