Web browser certificate

Hi all,

I’m new to Ignition; I’ve been using it since last December, so please be indulgent with me here.
To clear things up: I use Windows 10 Pro version 20H2 and Ignition 8.0.17.

I am trying to have a web page that is in a PLC on the network. The problem is that this works in IE and Brave (based on Chrome) in Windows itself by accepting the risks and going into that page anyway (ERR_CERT_AUTHORITY_INVALID), but it does not work within Ignition’s web browser because I can’t click proceed anyway.

I tried to follow this but the problem is I can’t get this to work. I did extract the certificate from Brave (for some reason I can’t do it from IE) and then I imported it in Windows in the “Trusted Root Certification Authority”, but there is still the “NOT SECURE” in Brave as well as IE.

How am I supposed to get that web browser to display the web page?

Any help would be very appreciated.
Thanks

I think you may need to import it into one of Ignition’s keystores instead: Adding Security Certificates into Keystores - Ignition User Manual 8.1 - Ignition Documentation

Thank you for helping.
I did try this a few days ago without success. I should also mention that the certificate is coming from a Siemens Windows Embedded since it is a Siemens TP1200 touchscreen.

I managed to get it working in IE (I didn’t even know it still existed…) but only https://192.168.3.201:5800 is secured, not https://192.168.3.201 (which probably uses port 80). It doesn’t work in Edge (made from Chrome) and doesn’t work either in Brave (also made from Chrome).

https://192.168.3.201

A few seconds later… https://192.168.3.201:5800 (the certificate from the web page has been installed in Windows in the Trusted Root Certification Authority):

I’m investigating the Siemens side even though this is our sub-contractor hardware and I can’t test any of it without them.
It seems I’m missing the private key used by Siemens software to generate the certificate.

I find the Ignition documentation not very explanatory and I can find multiple different answers to this issue without finding something that really fixes it. Certificates have always been a pain for me.

I’ll keep looking and post my results when I get it to work. I also welcome any help.

Thanks

Hi,

I’ve found a bit more time to spend on this but it is still very unclear what’s required to have certificates working.
If I try to set it up from the gateway web interface it does not want to use the certificate because it is self-signed.

Is it mandatory to have it configured in the Ignition web server or have the certificate in the correct folder on the gateway (as in the link you shared) or maybe both?

Thank you for the help.

You need to put it into the supplemental certificate folder as described in the user manual link above.

The page you are looking at is for setting up the SSL/TLS certificate that the Ignition Gateway web server uses. It’s not what you’re looking for.

Thanks for the prompt answer, it clarifies things a bit.
I’ve tried this but maybe it wasn’t working because I did not restart the gateway. I’ll try this when I get the chance.

Hi,

I managed to get a Siemens PLC and a HMI so I can test the Smartserver secure connection.
I’m trying to start from scratch to make it work and I don’t understand why I can’t get Smartserver to work properly with SSL disabled.

I disabled the requirement for SSL in the gateway network general settings. I also disabled the encryption of communication in the Siemens Smartserver settings, but it actually changes nothing.
I mean, I still can’t connect to it through the web browser even though I managed to get the Siemens certificate into Windows, which fixes the secure connection between the HMI and IE, but I still have the unsecure warning in Vivaldi, Brave, Edge… It’s not better in Ignition where I still get

ERR_CERT_COMMON_NAME_INVALID

I did put the certificate in the folders:

  • C:\Program Files\Inductive Automation\Ignition\data\certificates\supplemental
  • C:\Users\corentin.m.ignition\clientlauncher-data\certificates

I also noticed while looking at the modules on the gateway that some are marked as ‘Running’ and some as ‘Loaded’. I did not configure the Ignition SSL/TLS prior to this.
I should also mention that while experimenting at home I have no license at all as it is in our touchscreen in the office.

I still need help with this as I can’t even establish unsecure connection, thank you!

Can you upload a copy of the certificate? It sounds like it doesn’t have the correct hostname in its Common Name or Subject Alternative Name DNS entry.

There you go: SiementTP1500Certificate27072021.cer (792 Bytes)

Thanks for the responsiveness.

EDIT: I don’t know much about Siemens so I couldn’t tell a lot from that side. What I know is that it is a basic certificate generated by TIA Portal, the Siemens programming software suite.

I think in order for the embedded browser component to utilize the supplemental certificates added to clientlauncher-data/certificates you may need to be on a more recent version of Ignition. (This is about the browser component in a Vision Client, right?)

I’m still not sure if an IP address in the CN is going to be considered valid or not.

Alright.
Could you investigate the possible Ignition version restriction while I look into the IP in the CN?
I found the Siemens part where I adjust a few things and I need to test more on that side.

Thank you for your help @Kevin.Herron

EDIT: Yes, it is about the web browser module in a Vision Client (actually the gateway). The version I use is 8.0.17.

Is it normal that after deselecting the ‘Require SSL’ (in the ‘Gateway Network’ part in the web config) the web browser module keeps adding the ‘s’ to http in the address bar?

I’m still trying to make the connection work without SSL at all. Then I’ll try to add the SSL layer to it.

It’s normal in a sense because it’s entirely irrelevant.

It sounds like the server you’re connected to may be forwarding you to the HTTPS address, which is a pretty normal thing to do when a web server is configured to use SSL/TLS.

Ok.

Can anybody confirm whether or not I need a more recent version of Ignition than 8.0.17 to use the web browser module with security? What about without security?

I’m not sure as I’m not an expert with TIA Portal but I think I deactivated the SSL requirement on the panel.

It’s not just “with security”; if you were using a standard SSL certificate issued by a public CA for a public server this would work fine. If your webserver didn’t have an SSL certificate configured (or wasn’t forwarding you to the HTTPS address) it would also work fine.

It does look like in order for the Web Browser component to look at the contents of the clientlauncher-data/certificate you’ll need to be on at least version 8.1.4. Prior to that I think it would default to looking at the system certificate store (of the system running the Vision Client), but it sounds like you tried that already.

If you can’t get this working after upgrading and need someone to walk you through with a screen share give support a call.

Seems like I need help from support.

The documentation for 8.0 explains the folders for certificates without any warning, so my guess was that it should work fine.

Hi,

Have you resolved this already?

If you are using Windows 7 or above (for the designer and client), you might want to add the CN to your hosts file located at C:\Windows\System32\drivers\etc

ex…

127.0.0.1 mywebsite

Change 127.0.0.1 and mywebsite to your IP address and the CN of the certificate.

I have not resolved this yet. I’m in contact with my local support.
I also have plenty of things to work on aside from that problem, which is why I can’t update info here that often.

Thanks for suggesting modifying the Windows hosts file. I’ll try that; I’m not sure why it would help, but it’s worth a try.

The Ignition web browser module identifies the CN instead of the IP address. If you add the CN name and the corresponding IP address of the website you are trying to access to the client machine’s hosts file, you can then access the website using the CN name that the Ignition web browser module can identify.
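
The name check behind ERR_CERT_COMMON_NAME_INVALID discussed in this thread, sketched as an added example (not code from any poster, from Ignition or from Siemens). It assumes certificates given as dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns; both sample certificates and the host name `hmi-panel` are constructed. The strict mode ignores the CN, as Chromium-based browsers do, and `cn_fallback=True` models a legacy verifier that still accepts a CN when no SAN is present.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one leftmost label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_name(cert, host, cn_fallback=False):
    """Return (ok, reason) for the host typed in the address bar."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP in the URL must match an iPAddress SAN, never a DNS SAN.
        want = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(v) == want
               for k, v in sans if k == "IP Address"):
            return True, "IP SAN match"
    elif any(_dns_match(v, host) for k, v in sans if k == "DNS"):
        return True, "DNS SAN match"
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    cn_hit = any(_dns_match(cn, host) for cn in cns)
    if cn_hit and cn_fallback and not sans:
        return True, "CN fallback match"
    if cn_hit:
        return False, "name only in CN; no matching SAN"
    return False, "name not in certificate"

# Constructed sample: device certificate with the IP in the CN and no SAN.
CN_ONLY = {"subject": ((("commonName", "192.168.3.201"),),)}
# Constructed sample: certificate reissued with DNS and IP SAN entries.
WITH_SAN = {
    "subject": ((("commonName", "hmi-panel"),),),
    "subjectAltName": (("DNS", "hmi-panel"), ("IP Address", "192.168.3.201")),
}

if __name__ == "__main__":
    for cert in (CN_ONLY, WITH_SAN):
        for host in ("192.168.3.201", "hmi-panel"):
            print(host, check_name(cert, host), check_name(cert, host, True))
```

Trusting the certificate in a root store only addresses ERR_CERT_AUTHORITY_INVALID; the name check above is separate and fails until the address used in the URL appears in the certificate.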