I finally decided to secure ignition more fully and installed company signed certificates to secure the website so turned on “Use SSL” under Gateway Settings and use 8443. This works great for the website and java webstart however Native Launcher Clients will not take the 8443 port but will use the old unencrypted 8080 port. They will start to launch but will fail with “ValidationException: Unable to communicate with gateway”. Is there a different setting that needs to be set for native client to use the ssl port as well. Do I need to import the company CA into a certificate bundle somewhere?
Tested on Windows 10 with Ignition 7.9.8.
Try specifying the gateway address as ::, eg: 10.20.1.100:8088:8443 when connecting. Also, make sure that both the HTTP and HTTPS ports are accessible over the network - while actual client traffic will go over HTTPS, some resource downloads still go over HTTP in 7.9, even with SSL enabled.
1 Like
Understood. Thanks. That fixes the problem with machines that have Java 8. It does not work for machines that still use Java 6. Unchecking “Use SSL” addresses it but still prefer it enabled.
According to product page 7.9.8 still supports Java 6 but we have had a lot of issues with launching ignition with it (understood not IA fault) in those environments. Unfortunately, Java 7,8,9 breaks other legacy applications for some users so we have to support Java 6 for them until those apps are decommissioned. Its nearly impossible to have 6 coexist with 7,8,9 properly in our experience so we hoped native launcher would work as java webstart does not (and being effectively killed by oracle anyway). I’d also prefer to have SSL enabled everywhere by default if possible.
From download page:
Minimum System Requirements (v7.9.8)
Java 6/7/8/9 (designer/client)
If these are Windows clients, you can leave the system installation as 6, and bundle a higher version of Java with the client launcher executable:
https://docs.inductiveautomation.com/display/DOC79/Native+Client+Launchers#NativeClientLaunchers-JavaRequirements
You will need to package the JRE installation folder on another machine as a .zip file, and extract the zip to a /jre folder next to clientlauncher.exe. The client launcher will use your JRE both for its own execution and for the launched client.
Note that the native client launchers themselves are going to download directly with a bundled JRE (9) in an upcoming version of Ignition 7.9.
Thanks. Confirmed to work for us.
Hi! Could you please tell me what would be the workatound in the case of mac OS clients?