Differences

This shows you the differences between two versions of the page.

--- wiki:third-party-certs [2023/07/27 16:09] – created mbrauer
+++ wiki:third-party-certs [2023/07/27 17:29] (current) – mbrauer
@@ Line 1: / Line 1: @@
-# Introducing a Third-Party CRT File to Ignition Supplemental Cert Library for SiteSync Communication
+======  Introducing a Third-Party Cert File to Ignition Supplemental Cert Library for SiteSync Communication ======
-## Overview
+** Overview **
 Ignition is an industrial automation software platform that allows for seamless communication and control of various devices. To ensure secure communication, Ignition utilizes SSL/TLS certificates for encryption and authentication. However, in certain cases, you may need to communicate with devices that use self-signed or unrecognized certificate signers. In such scenarios, you can introduce a third-party CRT (Certificate) file into the Ignition supplemental cert library, allowing SiteSync to communicate with these devices securely.
@@ Line 7: / Line 8: @@
 This technical documentation outlines the steps to add a third-party CRT file into the `data/supplemental/certs` directory of Ignition and restart the Ignition gateway to enable SiteSync to communicate with self-signed or unrecognized certificate signers.
-## Prerequisites
+** Prerequisites **
 - A running Ignition Gateway with administrative access.
-- The third-party CRT file that needs to be introduced into the Ignition supplemental cert library.
+- The third-party CRT or PEM file that needs to be introduced into the Ignition supplemental cert library.
-## Procedure
-### Step 1: Obtain the Third-Party CRT File
+** Procedure **
+** Step 1: Obtain the Third-Party CRT File **
 Contact the device or system administrator to obtain the third-party CRT file. This file should be in the `.crt` format and contain the public key of the certificate issuer.
-### Step 2: Connect to the Ignition Gateway
+**  Step 2: Place the CRT File in the Correct Directory **
-Ensure that you have administrative access to the Ignition Gateway. Open a web browser and enter the URL for the Ignition Gateway web interface. Log in with your administrative credentials.
-### Step 3: Access the Gateway Settings
-Once logged in, navigate to the Ignition Gateway settings page. This is typically found under the "Config" or "Configuration" section of the web interface. Look for an option such as "Gateway Settings" or "System Settings."
-### Step 4: Locate the Data Directory Path
-On the Gateway Settings page, find the "Data Directory" path. This path indicates the location where Ignition stores its configuration and data files.
-### Step 5: Place the CRT File in the Correct Directory
 Using a file transfer method (e.g., SCP, SFTP, or direct file access), copy the third-party CRT file into the `data/supplemental/certs` directory within the Ignition data directory. If the `supplemental/certs` directory does not exist, create it manually.
@@ Line 37: / Line 28: @@
 ```
 Ignition/
 └── data/
-    └── supplemental/
+    └──certificates/
-        └── certs/
+        └── supplemental/
             └── your_third_party.crt
 ```
-### Step 6: Restart the Ignition Gateway
+**  Step 3: Restart the Ignition Gateway **
-To apply the changes and make the third-party CRT file available to SiteSync and other components, you need to restart the Ignition Gateway. This can usually be done from the Gateway web interface.
+To apply the changes and make the third-party CRT file available to SiteSync and other components, you need to restart the Ignition Gateway. This can usually be done from the Ignition directory through the "stop-ignition.bat" and "start-ignition.bat" scripts.
-Navigate to the "Status" or "Status Overview" section of the web interface. Look for an option to "Restart" or "Shutdown" the Gateway.
 **Note**: Restarting the Ignition Gateway will momentarily disrupt the communication with connected devices. Plan the restart accordingly to minimize operational impact.
-### Step 7: Verify the CRT File Integration
-After the Gateway has restarted, verify that the third-party CRT file has been successfully integrated into the Ignition supplemental cert library.
-. Log back into the Ignition Gateway web interface.
-. Navigate to the "Status" or "Status Overview" section.
-. Look for an option like "SSL Certificates" or "Certificate Management."
-. Verify that the third-party CRT file is listed among the certificates.
-### Step 8: Configure SiteSync to Use the Third-Party CRT
-The final step is to configure SiteSync to utilize the newly added third-party CRT file for secure communication with the devices that use self-signed or unrecognized certificates. Specific steps to configure SiteSync will depend on your environment and requirements.
-Refer to the Ignition documentation or consult with your system administrator to correctly set up SiteSync with the appropriate certificate for secure communication.
-## Conclusion
+** Conclusion **
 By following this technical documentation, you should have successfully introduced a third-party CRT file into the Ignition supplemental cert library, allowing SiteSync to communicate securely with devices that use self-signed or unrecognized certificate signers. Always exercise caution when handling certificates to maintain the security and integrity of your Ignition system.