Hey all! I’m working on trying to better secure my Ignition Gateway, so I’d like to switch everything over to SSL communication. I’ve mostly got it figured out but I have one issue still remaining with some Vision windows that use the IP Camera Viewer.
My gateway has two network interfaces, one to the “controls” network (which includes the IP cameras) and the office network. The IP Camera Viewer block uses the Gateway’s URLProxy (http://ignitiongateway-officenetwork:8088/main/system/urlproxy?url=http://webcamIPonControlsNetwork…) to access the camera feed so clients on the office network can see the cameras too. But these IP Camera Viewers break when I turn on Force Secure Redirect.
Do you see the error in the Designer? I wonder if this is similar to this forum post - Valid Certificate Path Problem
Where they were able to add the certificate to the Vision Clients in the .ignition/clientlauncher-data/certificates directory to authenticate there.
I suggest opening a Support to help troubleshoot this issue if it is possible or not. Please contact us here! We would like to review your Certificate and see what else we find in the logs https://inductiveautomation.com/support/home/
The certificate is in .ignition/clientlauncher-data/certificates and Designer and Vision are both accessing the Gateway via https using the certificate. The camera views work fine when I connect via SSL and Force Secure Redirect is off. Its only once I force everything to SSL only that it breaks.
I thought it might be because the cameras are not SSL maybe it doesn't like the SSL urlproxy accessing a non-SSL site on the other side? But if I pull up the URL doing that (SSL from client to gateway, non-SSL from gateway to camera) in my web browser I can see the camera feed fine, the IP Camera Viewer just doesn't want to.
I'll open a ticket soon, I need some downtime in production to test and generate some more logs since I don't have a test environment. The last time I tried it has rolled off the log already.
Inductive confirmed this is a bug in the IP Camera Viewer module and that I'd have to wait for them to release a fix in a future Ignition update. They recommended using the web browser component module in the meantime as a workaround, but my company didn't pay for that in my license so you could use that if you have it.
