How do I get the certificates installed

codersmurf · August 2, 2016, 6:49pm

The only documentation for this is in windoze.

Thanks,

Jake

Kevin.Herron · August 2, 2016, 7:11pm

Are you asking how to install an SSL certificate that Ignition will use, or something else?

codersmurf · August 2, 2016, 7:14pm

I’m using letsencrypt for the ca and wanted to get the certs installed into ignition. In windows it talked about copying files to a path, but that path doesn’t exist in linux. Sorry, not a big web guy so I didn’t know where to go from here.

Kevin.Herron · August 2, 2016, 7:33pm

Assuming these instructions: support.inductiveautomation.com … ertificate

Use your package manager to install the Oracle Java JDK (launchpad.net/~webupd8team/+archive/ubuntu/java) and then follow from step 3. The instructions are the same, just choose a different path to create your keystore at since you obviously can’t use “C:”. The Ignition install directory will also be different - either something like /usr/local/ignition or wherever you chose to unzip it.

As for using letsencrypt… I wouldn’t recommend doing that. All letsencrypt certificates expire in 90 days, so you’ll need to be updating the Ignition SSL certificate, by hand, in perpetuity. Go pay the PKIX cartel for a 3-5 year certificate and save yourself the trouble.

codersmurf · August 2, 2016, 7:56pm

Hahaha, thx, I’ll do that now. If it were up to me I would go ahead and pay up, but not my call. There’s actually a way to set a cron to auto renew with certbot, I’ll end up using that.

Kevin.Herron · August 2, 2016, 8:07pm

Yeah, but you’re also going to have to automate the part where you import it into the keystore used by Ignition.

codersmurf · August 2, 2016, 10:28pm

Where is the gateways keystore by the way?

Kevin.Herron · August 2, 2016, 10:35pm

It’s {wherever_you_installed_ignition}/webserver/ssl.key

codersmurf · August 3, 2016, 2:32pm

So I ran the linux installer, the default dir, there’s some stuff in:

ls /var/lib/ignition/
data Gateway temp user-lib

ls /etc/ignition/
gateway.xml gateway.xml_clean ignition.conf log4j.properties

There is this:

ls /var/lib/ignition/data/certificates/
cert-chain-store cert-chain-store-old gateway_network

I tried the chain, both full and the other one, as the cert-chain-store file and still no good?

Kevin.Herron · August 3, 2016, 2:41pm

Bleh. The installer.

What’s in /var/lib/ignition? Is the webserver folder in there?

codersmurf · August 3, 2016, 2:54pm

Found it, for ref it’s in /usr/local/bin/ignition