Orion Context Broker HTTPS for subscribers

Question

Very simply question: Does the Orion Context Broker support SSL for subscribers:

Ex.: Can the callback URL for subscriptions be https://mysimpleexample.com/notify

I've tried this (using a trusted certificate!), and this does not seem to work for me.

That being said, I've not run the Orion Context Broker using the -https option. However, looking at the manual, this option seems to be for using SSL on the context broker http server, and have nothing to do with client subscriptions.

Edit: I did try this on an http endpoint and then on an https endpoint with the same hostname afterwards. Only the https endpoint had issues.

Answer 1

You are right: -https CLI is about activating HTTPS in the (sever side) Orion NGSI API. It is not related with the notifications sent by Orion.

Orion doesn't support directly (client side) HTTPS notifications but the functionality could be achieved using an HTTP relayer, such as Rush. Using an HTTP releayer has additional advantages such as relieving Orion from dealing with notification fails, retries, etc.

Orion-Rush integration is not yet achieved, but it is in our short-term roadmap. Please, have a look (and eventually subscribe to, if you want to know when the functionality gets implemented) to https://github.com/telefonicaid/fiware-orion/issues/251

UPDATE: Orion-Rush integration for HTTPS was implemented in Orion 0.13.0. See "Security considerations" section at Orion user manual.

UPDATE: Rush has been added as part of the global context management instance, so CB at orion.lab.fi-ware.org nos supports HTTPS notifications. However, a bug currently makes CB ignore default port for "https" URL scheme, so use 443 explicitly (eg. https://foo.bar:443/path).

UPDATE: the bug mentioned in the previous update note is fixed in Orion release 0.17.0.

UPDATE: since verion 1.7.0, Orion implements native HTTPS notifications (i.e. without needing Rush).