SSL enabling - Issue with client

Hello Ignition’s ninja!

Ignition 8.0.12

We enable SSL yesterday. I can connect to the gateway webpage using https and port 8043. Yeah!

But when I try to add a client using the client launcher, here is what I get:
image

How can I solve that?

Does the SSL certificate have the hostname shsvindig01 in either its CN or SAN extension?

Same thing:
image

The certificate does have the short name and FQDN in the SAN. Also in the CN. Is it suppose to work with these settings in place?

Hmm, it should. Was the certificate issued by a public CA or an internal CA?

@jcoffman you have any ideas?

My guess is this is self signed or signed by a CA which isn’t trusted by default. In 8.0.13 we added the ability to import the certificate to be trusted on the fly in this case with a quick prompt to the user. before this you could add the certificate to ~/.ignition/clientlauncher-data/certificates and relaunch the launcher

I put the certificate on the client side or on the server side?

And does the certificate need to have a specific name?

client side, no specific naming scheme is required, though it might make sense to name it something that tells you what gateway(s) its for.

Highly suggest updating to 8.0.13 or later if you can. The improvements in cert handling helped my tremendously with figuring out what was going on at our sites.

Also good to double check there is no security appliances messing with your certs. Our IT has software that re-writes all SSL certs on the fly, so they never come from where they say they are from and Java will not trust them. We needed bypasses for all our Ignition certs. Just throwing it out there as another possibility.

2 Likes