Niagara 4 - Server Certificate Issues

[orion242]

Would like to know what support comes back with.

Wildcard certs would be my first choice if I had to deal with fully valid certs end to end in a large install. Even if its *.bms.biz.com.

Our controllers are going to have the option of ssl comms soon. Can't imagine the headache of having individual certs per device. Massive PITA without wildcard certs.

[incontrol]

I ran across a good video here https://www.youtube.com/watch?v=jk0F_ZDZg1U

[Ctl-fool]

Any updates on this? am running into similar issues with wildcard cert - turns green, but still having access issues

[orion242]

Little details given.

You accessing things with IPs or FQDNs? IPs will not work with wildcard certs.

[Ctl-fool]

here is what I am getting in app director:

WARNING [10:35:09 23-Jun-23 CDT][web] unable to obtain certificate 'umesccowley.iot.usgs.gov' (certificate does not verify with supplied key), trying default

[orion242]

Would take a look at this.

https://www.niagara-community.com/s/...curity-warning
https://www.niagara-community.com/s/...ubleshoot-this
https://www.niagara-community.com/s/...h-supplied-key

Tridium is a special snowflake when it comes to certs, especially if they have been created or touched outside of WB. The order of things has to be right or it pukes. Can't say I have seen them turn green and not work after importing them, but looks like that may possible.

Also would note that a wild card only applies to that level in the FDQN. So a wild card cert for "*.abc.com" is good for foo.abc.com and headbang.abc.com but not deathby.papercuts.abc.com.