I recently updated one of my Ignition Gateways to 8.1.9 which prompted me to update the Designer Launcher from 1.1.5 to 1.1.9. When I went to launch a designer for an existing Gateway still on 8.1.5, I got a prompt to install the SSL certs for the redundant backup node we have connected. However the launcher is only finding the IP address of the backup node, not the DNS name, so the certificate can’t be trusted and I am getting the error below:
I downgraded the Designer Launcher to 1.1.5 and I am able to trust the certificate for the master node and open the Designer.
1 Like
I think what this error is telling you is that the certificate you have installed on that backup gateway is missing the IP address from its Subject Alternative Names. It's something you'll have to get sorted out, because either the 1.1.5 launcher isn't trying to get the backup certificate at all, or it's not doing this verification that it should be doing.
Looking at the certificate file, the only names that are in there under “Subject Alternative Names” are the DNS names for both the master and backup node. The Designer seems to be handling the master node just fine (I put it in there using the DNS name), but its only finding the IP address for the backup node, even though it has a DNS name registered. Why would the designer accept the DNS name for the master but not the backup? Is there a way to force the designer to associate the backup with its DNS name? I tried looking through the Gateway config settings but couldn’t find anything there.
Not certain, but I think that Gateway HTTP Address setting, under Config > Networking > Web Server, is independently configurable on both master and backup. Do you have that set to the DNS name on the backup?
1 Like
Oh that was it! So simple, thank you for the help!
