======  Introducing a Third-Party Cert File to Ignition Supplemental Cert Library for SiteSync Communication ====== 


** Overview **

Ignition is an industrial automation software platform that allows for seamless communication and control of various devices. To ensure secure communication, Ignition utilizes SSL/TLS certificates for encryption and authentication. However, in certain cases, you may need to communicate with devices that use self-signed or unrecognized certificate signers. In such scenarios, you can introduce a third-party CRT (Certificate) file into the Ignition supplemental cert library, allowing SiteSync to communicate with these devices securely.

This technical documentation outlines the steps to add a third-party CRT file into the `data/supplemental/certs` directory of Ignition and restart the Ignition gateway to enable SiteSync to communicate with self-signed or unrecognized certificate signers.


** Prerequisites **

- A running Ignition Gateway with administrative access.
- The third-party CRT or PEM file that needs to be introduced into the Ignition supplemental cert library.


** Procedure **

** Step 1: Obtain the Third-Party CRT File ** 

Contact the device or system administrator to obtain the third-party CRT file. This file should be in the `.crt` format and contain the public key of the certificate issuer.

**  Step 2: Place the CRT File in the Correct Directory ** 

Using a file transfer method (e.g., SCP, SFTP, or direct file access), copy the third-party CRT file into the `data/supplemental/certs` directory within the Ignition data directory. If the `supplemental/certs` directory does not exist, create it manually.

The directory structure should look like this:

```

Ignition/
└── data/
    └──certificates/
        └── supplemental/
            └── your_third_party.crt
```

**  Step 3: Restart the Ignition Gateway ** 

To apply the changes and make the third-party CRT file available to SiteSync and other components, you need to restart the Ignition Gateway. This can usually be done from the Ignition directory through the "stop-ignition.bat" and "start-ignition.bat" scripts.  


**Note**: Restarting the Ignition Gateway will momentarily disrupt the communication with connected devices. Plan the restart accordingly to minimize operational impact.


** Conclusion ** 

By following this technical documentation, you should have successfully introduced a third-party CRT file into the Ignition supplemental cert library, allowing SiteSync to communicate securely with devices that use self-signed or unrecognized certificate signers. Always exercise caution when handling certificates to maintain the security and integrity of your Ignition system.