This is an old revision of the document!
# Introducing a Third-Party CRT File to Ignition Supplemental Cert Library for SiteSync Communication
## Overview
Ignition is an industrial automation software platform that allows for seamless communication and control of various devices. To ensure secure communication, Ignition utilizes SSL/TLS certificates for encryption and authentication. However, in certain cases, you may need to communicate with devices that use self-signed or unrecognized certificate signers. In such scenarios, you can introduce a third-party CRT (Certificate) file into the Ignition supplemental cert library, allowing SiteSync to communicate with these devices securely.
This technical documentation outlines the steps to add a third-party CRT file into the `data/supplemental/certs` directory of Ignition and restart the Ignition gateway to enable SiteSync to communicate with self-signed or unrecognized certificate signers.
## Prerequisites
- A running Ignition Gateway with administrative access. - The third-party CRT file that needs to be introduced into the Ignition supplemental cert library.
## Procedure
### Step 1: Obtain the Third-Party CRT File
Contact the device or system administrator to obtain the third-party CRT file. This file should be in the `.crt` format and contain the public key of the certificate issuer.
### Step 2: Connect to the Ignition Gateway
Ensure that you have administrative access to the Ignition Gateway. Open a web browser and enter the URL for the Ignition Gateway web interface. Log in with your administrative credentials.
### Step 3: Access the Gateway Settings
Once logged in, navigate to the Ignition Gateway settings page. This is typically found under the “Config” or “Configuration” section of the web interface. Look for an option such as “Gateway Settings” or “System Settings.”
### Step 4: Locate the Data Directory Path
On the Gateway Settings page, find the “Data Directory” path. This path indicates the location where Ignition stores its configuration and data files.
### Step 5: Place the CRT File in the Correct Directory
Using a file transfer method (e.g., SCP, SFTP, or direct file access), copy the third-party CRT file into the `data/supplemental/certs` directory within the Ignition data directory. If the `supplemental/certs` directory does not exist, create it manually.
The directory structure should look like this:
``` Ignition/ └── data/
└── supplemental/
└── certs/
└── your_third_party.crt
```
### Step 6: Restart the Ignition Gateway
To apply the changes and make the third-party CRT file available to SiteSync and other components, you need to restart the Ignition Gateway. This can usually be done from the Gateway web interface.
Navigate to the “Status” or “Status Overview” section of the web interface. Look for an option to “Restart” or “Shutdown” the Gateway.
Note: Restarting the Ignition Gateway will momentarily disrupt the communication with connected devices. Plan the restart accordingly to minimize operational impact.
### Step 7: Verify the CRT File Integration
After the Gateway has restarted, verify that the third-party CRT file has been successfully integrated into the Ignition supplemental cert library.
1. Log back into the Ignition Gateway web interface. 2. Navigate to the “Status” or “Status Overview” section. 3. Look for an option like “SSL Certificates” or “Certificate Management.” 4. Verify that the third-party CRT file is listed among the certificates.
### Step 8: Configure SiteSync to Use the Third-Party CRT
The final step is to configure SiteSync to utilize the newly added third-party CRT file for secure communication with the devices that use self-signed or unrecognized certificates. Specific steps to configure SiteSync will depend on your environment and requirements.
Refer to the Ignition documentation or consult with your system administrator to correctly set up SiteSync with the appropriate certificate for secure communication.
## Conclusion
By following this technical documentation, you should have successfully introduced a third-party CRT file into the Ignition supplemental cert library, allowing SiteSync to communicate securely with devices that use self-signed or unrecognized certificate signers. Always exercise caution when handling certificates to maintain the security and integrity of your Ignition system.