I created a CA, a CSR, and the ignition gateway key/cert using openssl on linux (WSL).
I ran into a problem when using Config -> Networking -> Web Server -> Setup SSL/TLS. I dropped each file into the web interface - but after dropping in the last file (CA cert), the page content goes blank. Error log shows:
Can you share the CA and end-entity certs?
Maybe this helps. I'm not sure what exactly might be sensitive info - so most of it is missing 
(removed)
You'll have to share the unredacted PEM files. Other than some names there's nothing in there that should be considered sensitive, it's only the public side of the keypairs.
If you can't do that then just give support a call instead.
I can make up sample certs with generic names and send those intact. Likely tomorrow. Thanks for the help!
Here is a full sample with all cert's and keys. Dropping those files into the ignition SSL setup page results in a blank page for me.
sampleCA.zip (22.2 KB)
Ok, actually already have a ticket for this bug.
The Authority Key Identifier extension on your CA cert is missing the "Key Identifier" component, which results in an uncaught error and internal HTTP 500, which is why you get the blank page.
Although all components of the AKI are technically optional:
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
Ignition currently expects the key identifier. I'm not sure if the ticket I mentioned will change this assumption or just fix the error handling when a certificate can't be validated.
That did it.
Changed line 16 of sampleCA.conf to
authorityKeyIdentifier = keyid:always,issuer:always
to include that field in the AKID and make ignition happy!