It is my first time working with SSL certificate. I am in the process of migrating from Ignition 7 to Ignition 8. Ignition 7 did not have SSL enabled while in Ignition 8 we are trying out the SSL. Due to the fact we are testing out so we are using Self signed certificate.
I created the self signed certificate through ignition 8 gateway (Networking → Webserver). My gateway is running on Windows Server 2016. Once the ssl was enabled, I went into the address bar and exported the certificate and saved it under C:\users\username.ignition\clientlauncher-data\certificate. I was able to successfully launch the visionclient launcher. Using the same methodology, I got the visionclient launcher to work from my laptop.
The same methodology did not work on Ubuntu 18.04. I was using chrome to export the certificate however in ubuntu chrome does not even allow me proceed to the website and returns with the following error(please see below).
I then used firefox and saved the certification’s …/.ignition/…/certificate folder. But when I launch the client launcher and add the gateway URL with 8043 port it says SSL certificate not found. I would really appreciate if you can help me out with this.
Thank you for the quick response pturmel. I will try it out but just to confirm will this work with self signed certificate. Based on the folder location it appears that its looking for ca certified certificates.
I tried your way but unforunately, it did not work.
I have been using the self signed certificate that I created via Ignition gateway. We do not have internal CA but I would imagine any windows server can act as a internal CA.
OpenSSL can create a self-signed certificate that has the CA flag turned on. Anyone can make a private CA. These two commands will make a password-protected private key and then a CA cert good for ten years:
Repeat the latter section as needed for new servers, incrementing the serial number each time.
Uhm, no. At its core, a CA is a specially-created certificate that can sign other certificates. It's not a server, per se, though publicly-trusted CA holders generally provide a web interface to request signed certs.
Just so I understand correctly, that instead of using the self signed certificate that I created from Ignition gateway, NETWORKING --> Webserver tab. I will be using openssl to create a self signed certificate.
For "CN" i will use the URL that will get me to the gateway server minus the port number.
I may have few more questions as I work through your steps.