Overview
Ignition is an industrial automation software platform that allows for seamless communication and control of various devices. To ensure secure communication, Ignition utilizes SSL/TLS certificates for encryption and authentication. However, in certain cases, you may need to communicate with devices that use self-signed or unrecognized certificate signers. In such scenarios, you can introduce a third-party CRT (Certificate) file into the Ignition supplemental cert library, allowing SiteSync to communicate with these devices securely.
This technical documentation outlines the steps to add a third-party CRT file into the `data/supplemental/certs` directory of Ignition and restart the Ignition gateway to enable SiteSync to communicate with self-signed or unrecognized certificate signers.
Prerequisites
- A running Ignition Gateway with administrative access. - The third-party CRT or PEM file that needs to be introduced into the Ignition supplemental cert library.
Procedure
Step 1: Obtain the Third-Party CRT File
Contact the device or system administrator to obtain the third-party CRT file. This file should be in the `.crt` format and contain the public key of the certificate issuer.
Step 2: Place the CRT File in the Correct Directory
Using a file transfer method (e.g., SCP, SFTP, or direct file access), copy the third-party CRT file into the `data/supplemental/certs` directory within the Ignition data directory. If the `supplemental/certs` directory does not exist, create it manually.
The directory structure should look like this:
```
Ignition/ └── data/
└──certificates/
└── supplemental/
└── your_third_party.crt
```
Step 3: Restart the Ignition Gateway
To apply the changes and make the third-party CRT file available to SiteSync and other components, you need to restart the Ignition Gateway. This can usually be done from the Ignition directory through the “stop-ignition.bat” and “start-ignition.bat” scripts.
Note: Restarting the Ignition Gateway will momentarily disrupt the communication with connected devices. Plan the restart accordingly to minimize operational impact.
Conclusion
By following this technical documentation, you should have successfully introduced a third-party CRT file into the Ignition supplemental cert library, allowing SiteSync to communicate securely with devices that use self-signed or unrecognized certificate signers. Always exercise caution when handling certificates to maintain the security and integrity of your Ignition system.