Problem with SSL security

#1

HI!!
I recently changed the Ignition gateway through the SSL port instead of the 8088.
I openned the firewall and i can see the main page, but when i’m trying to open de designer, i got a Error.
SocketTimeoutException: connect timed out.
I check the java console and i got this:
[color=#BF0000]Connect Step [attempt 1] connecting to: :8088/main….
Connect attempt 0 for address ****:8088/main failed.
java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.downloadManifest(ConnectStep.java:99)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.downloadManifest(ConnectStep.java:72)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.run(ConnectStep.java:46)
at com.inductiveautomation.ignition.client.launch.AbstractStepRunner.run(AbstractStepRunner.java:32)
at java.lang.Thread.run(Unknown Source)
java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.downloadManifest(ConnectStep.java:99)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.downloadManifest(ConnectStep.java:72)
at com.inductiveautomation.ignition.client.launch.steps.ConnectStep.run(ConnectStep.java:46)
at com.inductiveautomation.ignition.client.launch.AbstractStepRunner.run(AbstractStepRunner.java:32)
at java.lang.Thread.run(Unknown Source)
[/color]

When i’m trying to launch a project it exactly the same.
Why the are trying to connect through the 8088 port???!!
I have to restart the ignition service?

0 Likes

#2

No, you have to open up both port 8088 and port 8043 in order to launch the application. Even though it appears to launch over 8088 it will use SSL once started up.

0 Likes

#3

Yes, I saw my mistake yesterday. The main page and the mobile SCADA worked good coz I let the port 8043 open, but the others are still using 8088.
But now i have a doubt, when i launch a SCADA is the data traffic encrypted?

0 Likes

#4

Yes, the traffic will be encrypted if you launched from the https page.

0 Likes

#5

This appears to still be the behavior with 7.9.10. We also recently modified to use SSL (and changed to port 443), obtained a signed certificate, and proceeded to shutdown port 8088 on our firewall. The exact same behavior above still occurs. Is there anyway to prevent this and force all traffic across 443?

Thanks!

0 Likes

#6

The issue has already been fixed in 8.0, but will not be fixed in 7.9.

0 Likes