Issue with Perspective Mobile App certificate on Android

I am attempting to set up the Perspective app on an Android tablet to create an inventory scanning station in our clean room (I want to use the tablet’s camera as a barcode scanner).

First off, I am able to connect to the Ignition gateway in a web browser on the tablet so I don’t think this is a firewall issue.

I’ve entered in the IP address of the host device (Opto 22 Groov EPIC) and port 8043 (so, 192.168.3.206:8043) in the Gateway URL field after clicking Manually Input Gateway. On the next screen, when I select “Import to App (Default)”, then “Next: Install Certificate”, then “Trust Certificate”, I get the error message: “Certificate Error. Unable to reach gateway after installing certificate.”

I have also tried port 8060 and 8088, and I’ve tried entering in both http:// and https:// as the prefix to the URL with all three ports, to no avail.

I have also tried Import to Device with all of these combinations and get the warning from the Android tablet itself: “Private key required to install certificate”. Has anyone encountered this issue with the mobile app?

I’ve also tried using the hostname instead of the IP address on the page where you enter the gateway URL, but get the message “Host invalid”.

I'm guessing your cert is using a hostname, so you have to use the hostname on the client. But it sounds like maybe your network isn't set up to resolve that hostname.

I am also unable to reach the gateway in a web browser on the tablet using the hostname.

The default port for HTTPS on Ignition is 8043.

I was able to connect to the Gateway through the Perspective app by creating another certificate in the Gateway with a Subject Alternative Name. I guess Android won’t let you install a certificate without the SAN.

A bit late to the party here. But, yes. The trick is adding any additional SANs (Subject Alternative Names) to your groov EPIC or RIO's certificate.

This can be done at web server certificate generation (in groov Manage with EPIC/RIO firmware 4.1.1 or later) or by using a Private CA to sign the EPIC/RIO's CSR (certificate signing request).

The Private CA method is the one I use for 2 primary reasons:

  1. The ability to add many SAN entries for IP addresses and DNS names during the cert signing process
  2. Each client only needs one cert installed in their device trust stores (the Private CA's public cert) for all the groov devices signed by the same cert.

Here's a helpful guide on this process, which includes information about creating a Private CA: Getting a Trusted Connection Between a Web Browser and groov EPIC | Opto 22 Developer

Note that if the EPIC/RIO's certificate is changed or updated, our experience is that a restart of Ignition on the EPIC/RIO is required to pick up the new cert.

-Benson

2 Likes
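The Private CA signing step described in the post above, sketched with OpenSSL as an added example (not part of the thread or of Opto 22's guide). The hostname `epic.example.internal` and the CA name are constructed placeholders, the IP is the gateway address from the question, and the CSR is generated locally as a stand-in for the one exported from the device.

```shell
#!/bin/sh
# Added example: a private CA signs a device CSR and injects SAN entries,
# then the result is checked against the address a client would type.
set -eu

make_ca() {            # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Constructed Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_device_csr() {    # stand-in for the CSR exported by the device
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=epic.example.internal" \
        -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
}

sign_with_san() {      # $1 = dir, $2 = SAN list such as "DNS:name,IP:addr"
    printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$2" > "$1/san.ext"
    # The SANs come from the CA-side extension file, not from the CSR.
    openssl x509 -req -sha256 -days 365 -in "$1/device.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/device.crt" 2>/dev/null
}

# Each check succeeds (exit 0) only when the certificate passes it.
san_covers_ip()   { openssl x509 -in "$1" -noout -checkip "$2"   | grep -q 'does match'; }
san_covers_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }
chains_to_ca()    { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
    dir=$(mktemp -d)
    make_ca "$dir"
    make_device_csr "$dir"
    sign_with_san "$dir" "DNS:epic.example.internal,IP:192.168.3.206"
    chains_to_ca "$dir/ca.crt" "$dir/device.crt" && echo "chain to private CA: ok"
    san_covers_ip "$dir/device.crt" 192.168.3.206 && echo "IP SAN: ok"
    san_covers_host "$dir/device.crt" epic.example.internal && echo "DNS SAN: ok"
    rm -rf "$dir"
}
demo
```

Only `ca.crt` goes into each client's trust store; `ca.key` stays with whoever operates the CA.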