Raspberry Pi SSL configuration problems

Hello everyone, we are currently experiencing some issues with our Raspberry Pis and Ignition connections/SSL configurations. We have an SSL-enabled gateway and are trying to access Perspective pages from a Raspberry Pi. We run the legacy.sh script to run Vision clients of some dashboards on the Pis as well.


Our first problem is that when we enable the 'force secure redirect' on the gateway, our Pis cannot connect because of the newly configured SSL. Our second problem is that Perspective pages are unsecure on the Pis but are secure on other connections (just not the Pis).

When attempting to connect to the Perspective page, we are met with the page being unsecure and asked to proceed manually while on the Pis. However, when navigating to the address from a PC, we do not get the unsecure message, and the connection is fine.


We tried putting our root CA certificates into the Raspberry Pi's SSL folders and then restarting the Pi, but that did not help. Our goal is to have the same output as on a PC and for the Perspective pages to be secure. We are not sure what direction to go from here.

Can anyone suggest a solution or a direction to troubleshoot this issue? Any help would be greatly appreciated. Thank you in advance.

If anyone has any general knowledge or things to keep in mind with SSL and configuring devices, please do not hesitate to mention any of that too.

Can you click on that "Not secure" in Chrome for more info about why it's not trusted?

Does the certificate have the hostname you're using to access the gateway in it? Have you tried adding the root certificate to Chrome itself instead of the OS trust store?

This is the not secure message on the Pi
image

And this is the same message while on the PC
image

I have not tried adding the root certs to Chrome itself; will try and let you know the results.

Adding the root certificate chain to Chrome fixed this issue with Perspective. But with the certificate chain in the OS and Chrome, would I be able to have 'force secure redirect' enabled and have a connection while on a Vision client running the legacy.sh script on a Pi too?

You may also need to add the certificate to Java's cacerts keystore.

Thank you! So I now currently have the chain in my Java's cacerts keystore, the OS's and Chromium's for all this to work.
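
The outcome of the thread, the same root CA placed in the OS store, Chromium's store and Java's cacerts, as an added shell example that is not part of the original posts. It assumes a Debian-based Raspberry Pi OS, Chromium reading the per-user NSS database, `certutil` from `libnss3-tools`, and the default cacerts password `changeit`; the file path, alias and environment variable names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Constructed defaults; override via environment.
CA_FILE="${CA_FILE:-./root-ca.crt}"     # hypothetical path to the PEM root CA
CA_ALIAS="${CA_ALIAS:-site-root-ca}"    # hypothetical nickname used in every store
NSS_DB="${NSS_DB:-$HOME/.pki/nssdb}"    # Chromium's per-user NSS database on Linux
JAVA_CACERTS="${JAVA_CACERTS:-}"        # set to a keystore path for Java 8 (no -cacerts)
EXPECTED_SHA256="${EXPECTED_SHA256:-}"  # colon-separated fingerprint obtained out of band
DRY_RUN="${DRY_RUN:-1}"                 # 1 = only print the commands

# Print a command; execute it only when DRY_RUN is not 1.
run() {
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# 1. OS trust store: the file must end in .crt to be picked up.
install_os() {
  run sudo install -m 0644 "$CA_FILE" "/usr/local/share/ca-certificates/$CA_ALIAS.crt" &&
  run sudo update-ca-certificates
}

# 2. Chromium: "C,," trusts the CA for TLS server certificates only.
install_chromium() {
  run certutil -d "sql:$NSS_DB" -A -t "C,," -n "$CA_ALIAS" -i "$CA_FILE"
}

# 3. Java: the keystore of the JVM that launches the Vision client.
install_java() {
  if [ -n "$JAVA_CACERTS" ]; then
    run sudo keytool -importcert -noprompt -keystore "$JAVA_CACERTS" \
      -storepass changeit -alias "$CA_ALIAS" -file "$CA_FILE"
  else
    run sudo keytool -importcert -noprompt -cacerts \
      -storepass changeit -alias "$CA_ALIAS" -file "$CA_FILE"
  fi
}

install_all() {
  if [ "$DRY_RUN" != "1" ]; then
    # Refuse to trust a CA whose fingerprint was not confirmed out of band.
    fp=$(openssl x509 -in "$CA_FILE" -noout -fingerprint -sha256 | cut -d= -f2)
    if [ -z "$EXPECTED_SHA256" ] || [ "$fp" != "$EXPECTED_SHA256" ]; then
      echo "fingerprint not confirmed: $fp" >&2; return 1
    fi
  fi
  install_os && install_chromium && install_java
}

# Act only when invoked as: ./script.sh install
if [ "${1:-}" = "install" ]; then install_all; fi
```

With the default `DRY_RUN=1` the script only lists the commands; set `DRY_RUN=0` and `EXPECTED_SHA256` to apply them, then restart Chromium and the Vision client.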