SSL Auto Renewal Module

@jspecht I'm at the point with the CWS API that I'm ready to download a cert. We can download it in PKCS12, which will be what Ignition needs (SSL cert + private key). The thing I'm currently trying to wrap my head around is related to the key store and private key passwords, which Ignition defaults to "ignition".

In the API there are these requirements, which are in code, so we cannot bypass them at the time of the call:

So from the start we can't even get a cert back unless I use a more sophisticated password. Then, if I am not mistaken, we can change the key store password but we cannot change the private key password once it is issued. Correct me if I am wrong, but the only option seems to be that we have to add these parameters to the ignition.conf file.

Then, if we change the password by manually modifying the ignition config file, there are 2 issues:

  • If we do it on a gateway that is already running, it will break SSL.
  • Since we can only specify it statically, we'd be using the same password everywhere, something security may bite us for in the future.

I may be mistaken in my understanding.

Thanks,

Nick