Launch Error Occured Gateway Requires SSL

I have installed Ignition EDGE Ubuntu. After enabling SSL. I can not open the project on designer. Showing error Gateway Requires SSL. Please help to solve this.

@renix Did you install a CA signed certificate or are you using the autogenerated one?

I’m using auto generated certificate. @jcoffman

@jcoffman awaiting your reply.

I am assuming you are on 8.0+.

This is because the certificate we generate is self signed. It allows you to access the Gateway Homepage on modern browsers using https but the browser will warn you about the certificate because it does not come from a trusted Certificate Authority. You should install a trusted certificate. If you wish you use the supplied certificate you will need to do a few things:

  1. Download the certificate (Most web browsers help with this)
  2. Place the certificate in .ignition/clientlauncher-data/certificates
  3. This certificate uses the Subject Name of Ignition. One of the easiest methods to deal with this on your local machine is to add a field to your hosts file that points Ignition to the IP of the gateway and use https://${HOSTNAME}:8043 as the gateway address.

If you create your own certificate with the correct IP or DNS name you can skip step 3 entirely.

I would really recommend to do one of two things if you are going to require SSL:

  1. Create an internal Certificate Authority you can issue certificates from for your internal network. You can add the root cert to the .ignition/clientlauncher-data/certificates directory and all gateways that use a certificate signed by the Certificate Authority will be recognized as having a valid certificate.
  2. Create a certificate and submit it to a recognized Certificate Authority to be signed. This is is the simplest as no further steps are needed besides installing the certificate on the gateway.

Thanks,
Jonathan C

Thank You

Just ran into this issue after setting my gateway to require SSL for all connections. I have Ignition configured to use a cert signed by our internal CA however the designer does not appear to trust it even after importing the CA cert into the keystore file. Attempting to launch an application now results in an error as shown below.

Is there any way to resolve this other than allowing plain text connections?

Never mind, it appears that @jcoffman was correct. Symlinking the CA cert file into /home/00/d861703/.ignition/clientlauncher-data/certificates allows the designer to connect as expected.

Hi Jonathan,

By following your steps I was able to get the client and the designer to launch on windows based system using self signed certificate which was created through Networking --> Webserver (Create SSL/TLS and selected Self-signed certificate under advanced options).

I can’t get it to work on Ubuntu 18.04. Essentially everything i did exactly as you listed on points 1 and 2.

Your help is greatly appreciated!