AX Security Certificate

[Igotworms]

Im trying to get https to work on my FX20, its at niagara version 3.6.47.9. I have the crypto.jar file installed and I believe it is licensed (jar file size is 880.1 KB). According to the cryptoservice doc file that should be the right size of the file if it is licensed. What I can't figure out is where the Tridium security certificate is. I dont think I have it on my station. According to the screen shot its under the security folder in the files section, but I dont have a security folder. I cant seem to find it anywhere. Does anyone know where to get this certificate?

[Igotworms]

It looks like Im going to have to create my own certificate.

[checkvalve]

You need to have the crypto feature in the license for the JACE. You also need to install the crypto.jar to the JACE and copy the crytpo service from the crypto palette to the services container in the station. I think you also need to restart the station after adding the service.

This should setup the JACE with the certificate key store and trust store, and it will be using a default self signed certificate. You can use the Java keytool class to generate a different certificate and get it signed by a CA.

Based on your other post you are just trying to setup an outgoing account to use SSL to connect to the email server. You shouldn't need to setup a different certificate for the JACE because in that case the JACE is just acting as a client when connecting to the email server via SSL.

When setting up the outgoing account you will need to change the port to whichever port the server uses for the SSL connections as well as enabling the SSL property on the outgoing account.

[Igotworms]

You need to have the crypto feature in the license for the JACE. You also need to install the crypto.jar to the JACE and copy the crytpo service from the crypto palette to the services container in the station. I think you also need to restart the station after adding the service.

This should setup the JACE with the certificate key store and trust store, and it will be using a default self signed certificate. You can use the Java keytool class to generate a different certificate and get it signed by a CA.

I tried this on my FX20 in the office and for some reason it didnt work. I tried the same thing to the FX20 on site and it worked perfectly. The only thing I can think of is that my FX20 in the office was upgraded from 3.3.31 to 3.6.47.9. The one on site was at 3.6.47.9 right out of the box. That leads me to believe that my FX20 is missing the license for the crypto service for some reason. I got it to work on the one that matters, thanks for all the help.

[Igotworms]

I got https to work but now I cant access it from outside the building. I can get the log on screen but workbench doesnt load fully. The HX profile works ok but not the workbench profile. Is there something else is need to do in webservices? Here is the error I get when I log in.

Cannot invoke the command "Home"

javax.baja.naming.SyntaxException: station:|slot:/fxApp
at com.tridium.workbench.shell.BNiagaraWbApplet.ordTo Url(BNiagaraWbApplet.java)
at com.tridium.workbench.shell.BNiagaraWbApplet.hyper link(BNiagaraWbApplet.java)
at javax.baja.workbench.BWbShell.hyperlink(BWbShell.j ava)
at com.tridium.workbench.shell.WbCommands$HomeCommand .doInvoke(WbCommands.java)
at javax.baja.ui.Command.doInvoke(Command.java)
at javax.baja.ui.Command.invoke(Command.java)
at javax.baja.ui.BButton.doInvokeAction(BButton.java)
at javax.baja.ui.BAbstractButton.mouseReleased(BAbstr actButton.java)
at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java)
at com.tridium.ui.awt.MouseManager.fire(MouseManager. java)
at com.tridium.ui.awt.MouseManager.fire(MouseManager. java)
at com.tridium.ui.awt.MouseManager.released(MouseMana ger.java)
at com.tridium.ui.awt.MouseManager.process(MouseManag er.java)
at com.tridium.ui.awt.AwtShellManager.processMouseEve nt(AwtShellManager.java)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
java.lang.NullPointerException
at javax.baja.naming.BOrd.make(BOrd.java)
at com.tridium.workbench.shell.BNiagaraWbApplet.ordTo Url(BNiagaraWbApplet.java)
at com.tridium.workbench.shell.BNiagaraWbApplet.hyper link(BNiagaraWbApplet.java)
at javax.baja.workbench.BWbShell.hyperlink(BWbShell.j ava)
at com.tridium.workbench.shell.WbCommands$HomeCommand .doInvoke(WbCommands.java)
at javax.baja.ui.Command.doInvoke(Command.java)
at javax.baja.ui.Command.invoke(Command.java)
at javax.baja.ui.BButton.doInvokeAction(BButton.java)
at javax.baja.ui.BAbstractButton.mouseReleased(BAbstr actButton.java)
at javax.baja.ui.BWidget.fireMouseEvent(BWidget.java)
at com.tridium.ui.awt.MouseManager.fire(MouseManager. java)
at com.tridium.ui.awt.MouseManager.fire(MouseManager. java)
at com.tridium.ui.awt.MouseManager.released(MouseMana ger.java)
at com.tridium.ui.awt.MouseManager.process(MouseManag er.java)
at com.tridium.ui.awt.AwtShellManager.processMouseEve nt(AwtShellManager.java)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)

[Igotworms]

I think I have to open all ports. I didn't realize all of them needed to be open when only using a browser.

Problem:

The browser cannot complete login to an FX20/40/60 with a DSL Internet connection.

When a browser connection is initially established to a FX20/40/60, the following will occur as expected:
- log in screen is displayed
- user is able to enter Username and Password
- downloading of modules to browser PC executes normally

The FX20/40/60 home page will then begin to display, but before it is completely rendered, the connection will revert to the log in screen.


Error Message:

Cause:
Port forwarding had not been set up for all required IP ports. Typically, the following ports must be available, at a minimum:
Browser/HTTP port 80
Fox protocol port 1911
Platform port 3011

[checkvalve]

To access from the internet you would need to open the following ports for station access.

Browser/HTTP port 80
Browser/HTTPS port 443
Browser using a WB profile/Fox port 1911 (or whatever port you have configured the station's fox service to use)

The only reason you need to open port 3011 is if you want to use Workbench to make a platform connection to the host from the internet.