Server certificate is self-signed

Ignition 8.1 enabling web server SSL.

I have created a self-signed certificate using the New-SelfSignedCertifcate function in PowerShell. I can import the Private Key but when I import the Server Certificate I get an error “Server certificate is self-signed”.

Can we not use self-signed certificates in 8.1?

You can install self-signed certificates in 8.1. The easiest way to do this is to let Ignition generate one for you. Assuming you have not yet installed a certificate, go to the Gateway Web Interface > Config > Networking > Web Server page, click the “Setup SSL / TLS” button, click the “I don’t have all the items above” button, fill out the required fields in the form, then at the bottom of the form, click the “Show advanced properties” checkbox to reveal the “Install Self Signed Certificate” button, which you can click to generate a self-signed certificate based on the form you just filled out.

If you’d rather use your own self-signed certificate generated outside of Ignition, you’ll need to create a PKCS12 key store file named ssl.pfx, and add an entry with your private key and self-signed certificate, the move this key store file to $IGNITION/data/webserver/ssl.pfx (where $IGNITION is the installation directory of your Gateway).

Ignition assumes the key store entry’s alias, key store password, and private key password are all “ignition”. If this is not the case, you must set system properties ignition.ssl.keystore.alias, ignition.ssl.keystore.password, and/or ignition.ssl.privatekey.password respectively in your ignition.conf wrapper file with the overridden values.