Ssl

Hillbird · October 23, 2015, 10:57am

Dear reader,

I followed the instructions
support.inductiveautomation.com … ertificate

and got the site to work using port 8043, for which our networking department opened the port in the firewall. However it’s considered Untrusted, unless I manually add it to the trusted Root store of the certificates. This step shouldn’t be necessarry. Anybody an idea about how to solve this?
I currently have version 7.8 installed in the testenvironment where we try this out.
We reuse the SSL key from our website thats hosted on the same server test.poninsight.com

We also tried binding the port > netsh http show sslcert
IP:port : 0.0.0.0:8043
Certificate Hash : 41f3c7d2731a9544f03a549b1dd4b0f676b84fa4
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

pturmel · October 23, 2015, 12:53pm

Your server is still offering Ignition’s self-signed certificate on :8043. You need to make sure you installed the new keystore correctly, and restarted Ignition.

pturmel · October 23, 2015, 12:59pm

Also, did you notice in the instructions:[quote]The security certificates the CA sent you are signed against the keystore that generated the CSR.[/quote]