Any workaround for self-signed SSL on iOS?

Per a separate topic, it seems that you need to use SSL URLs to see any material icons in a Perspective project, using Chrome browser. So if devices are forced to redirect to the secure URL, or you type in the https URL into at least Chrome and Safari on iOS, it never authenticates and starts the Perspective client. I suspect it is because the cert is self-signed, but there does not seem to be a way to get around it, aside, I assume, from buying a real SSL certificate.

FYI this is also true of the Mobile App on Android: it will not connect with a self-signed cert either. We have been able to get it to start in Chrome on an Android device by clearing cookies first.

We’re probably going to need to create our own variation of this in a KB article, but: https://support.securly.com/hc/en-us/articles/206978437-How-to-deploy-Securly-SSL-certificate-to-iOS-

You’ll need to do something similar to those instructions with the self-signed certificate.

So I’ve done exactly what is described in that article–I’ve imported a custom Root CA to iPhone, went in and marked it as a trusted Root CA. I can now open the gateway webpage without security warnings within Safari. However, when I try to add the gateway via that same https URL to Perspective, I get ‘Host invalid’, similar to what happens if I try to open the URL on the desktop before placing the root CA in the ~/.ignition/clientlauncher-data/certificates folder. It will add successfully if I go to http/8088, but obviously I need https for things like OAuth2 redirect and because well, ya just need it nowadays :wink:

Any other advice out there to try? This is with 8.0.9 and latest iOS app at time of writing.

You shouldn’t have to do anything else if you trusted the gateway’s Root CA. Restarting the device, if you haven’t already, might help. We have an update for the mobile apps that makes it easier to install custom certificates, but I’m not sure it’ll fix what you’re seeing. We’re planning on releasing by end of next week, so maybe try again after updating and let us know how it goes. It’ll be version 0.95.

Update on this one. As it turns out, I was fighting some of the recent changes in iOS/macOS related to TLS certificate validity. Our internal AD certserv CA was signing for 3 years. When these certs are applied to Ignition, we noticed the behavior mentioned in this thread. Additionally (and this was what actually triggered us to do further debugging), we noticed that Ignition Designer (on macOS Catalina) would refuse to open Perspective Views, resulting in CERT_REVOKED errors in the designer.

With updated certs applied (this time with a 1-year validity period, but again, anything less than 825 days between the NotBefore and NotAfter fields of the cert should be good), everything is happy again.

Here are a few links to information surrounding the 825 day duration:
https://www.ssl.com/blogs/ssl-certificate-maximum-duration-825-days/
https://support.apple.com/en-us/HT210176
https://www.digicert.com/shortening-validity-periods-for-ov-dv-certificates/
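A check for the validity-period issue described in the last post, as an added example that is not part of the original thread or of Ignition: it reads the two lines printed by `openssl x509 -noout -dates -in cert.pem` and reports whether the NotBefore to NotAfter span fits the 825-day limit. The sample dates are constructed, the function names are hypothetical, and the comparison uses "825 days or fewer" as worded in the linked Apple article.

```python
import ssl

MAX_VALIDITY_DAYS = 825  # limit discussed in the thread

def validity_days(dates_output):
    """Return the NotBefore..NotAfter span in days from `openssl x509 -noout -dates` text."""
    fields = {}
    for line in dates_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # cert_time_to_seconds parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT" form
            fields[key] = ssl.cert_time_to_seconds(value.strip())
    if len(fields) != 2:
        raise ValueError("expected both notBefore= and notAfter= lines")
    if fields["notAfter"] <= fields["notBefore"]:
        raise ValueError("notAfter is not later than notBefore")
    return (fields["notAfter"] - fields["notBefore"]) / 86400

def check_validity(dates_output):
    """Return (within_limit, days) for one certificate."""
    days = validity_days(dates_output)
    return days <= MAX_VALIDITY_DAYS, days

# Constructed sample output: a 3-year certificate like the one the internal CA issued
THREE_YEAR = """notBefore=Jan 15 00:00:00 2020 GMT
notAfter=Jan 14 00:00:00 2023 GMT
"""

# Constructed sample output: a 1-year reissue
ONE_YEAR = """notBefore=Jan 15 00:00:00 2020 GMT
notAfter=Jan 14 00:00:00 2021 GMT
"""

if __name__ == "__main__":
    for name, text in (("3-year", THREE_YEAR), ("1-year", ONE_YEAR)):
        ok, days = check_validity(text)
        verdict = "OK" if ok else "exceeds limit, reissue with a shorter lifetime"
        print(f"{name}: {days:.0f} days -> {verdict}")
```
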