Creating and using a new wildcard SSL cert for a No-IP domain using Ignition 8.0 +.
Purchase the SSL Cert: Log into No-IP and purchase it.
Create a folder to store files created or needed in.
Create the CSR (Certificate Signing Request):
a) Fill out the details
Common Name: *.wildcard.com (or your domain)
SANs: (Use only Static IPs…)
I’m experimenting with these, I think the server static IPs can go here.
Other data is self explanatory.
Save the CSR in the folder and submit to No-IP.
a) Server Type is Tomcat
b) Paste the whole csr text into the form.
c) Fill out the verification forms.
Use verification email to verify the info.
After receiving the Completed order SSL Certs, import the three files you are sent one at a time into the Ignition page.
They are entered in the order in the email. (Server, Intermediate, Root)
Ignition instantly switches to SSL enabled and your browser gives you a connection error.
Check that the cert is for *.wildcard.com (your domain).
Save the Cert from your computer.
Install the Cert for your Customers:
For Ignition 8.0:
-If necessary run windows explorer as an admin.
-Copy the ssl.pfx to the webserver folder. In windows that should be here:
C:\Program Files\Inductive Automation\Ignition\webserver
-Turn on force Secure Redirect.
Config > Web Server > Force Secure Redirect
For Ignition 7.9
a) Convert the file if not done… Download and install Keystore Explorer (or figure out the java command line…)
-Open the ssl.pfx file. (Password is “ignition”)
-Save as ssl.key or some other new file.
-Convert to file type JKS (Java Keystore). (Again password is “ignition”)
-Rename the “ignition” entry to “tomcat”.
b) Move file to the webserver folder on the Ignition gateway.
-C:\Program Files\Inductive Automation\Ignition\webserver
-Rename the existing ssl.key file
-Move and rename the converted keystore to ssl.key
c) Restart the gateway or the Ignition service. (You may need to restart the entire computer.)
d) Change Gateway settings to use SSL.