Hi Guys,
Some time ago we setup SSL. I wanted to know, what could happen if the certs expire before we take action to renew? Could our Ignition clients lose communication to server? Is there any way I could setup an email notification reminder that triggers say a month before a cert expires?
Yes.
No, but you could put an entry in your own calendar....
Thanks Phil!
I know I can put an email in my own calendar but I try to take individuals out of the equation where possible (what happens when I leave the company!). As an example, I used to use ‘On_Call Rosters’ in email notification pipeline blocks but then I had to constantly edit myself in the gateway when people wanted to edit members. I switched to using a calculated roster type that emails an outlook email contact group (managed by IT). Now I simply request new contact groups and forward member edit requests to IT.
The Gateway → Web Server → Certificate Details has the information I want, it even has a warning on that screen if it is to expire ‘soon’. I think I will submit an idea to IA to perhaps have the ‘Not Valid After’ date as a system tag so we can do what we want with it.
The humor fell flat… /:
If I renew my SSL cert before It is going to expire by automate SSL process. Will that impact on clients which are running at shop floor?
I just wanted to be sure once the certificate is renewd automatically, Shop floor clients will be impacted anyway?
Depending on how old your version is, you may need to restart the gateway. At the very least, clients will need to renegotiate a secure connection, so some seconds of shop floor breakage is likely.
Have you tested with a trial install?
We are using Ignition 8.1.16
Another concern is If clients are running at shop floor and meantime certificate renewed on the server, what will impact in client, process will be intrrupted?
@dion.botha how many gateways are you managing? If its more than a handful, you should consider automating the cert renewal process that way you don't have to worry about it at all. Inside of that you can include checking of the installed certificate date.
You can automate certificate renewal: