When a screen layout is generated with WebIQ, for example, a URL is created with a secure adres.
This is a secure URL. The server on the ctrlX Core displays the site, which is opened with an external web browser (panel). The customer's screen (in this case an Eton panel) usually requires a security certificate.
This gives an annoying message at startup: Message: NET :: ERR_CERT_AUTHORITY_INVALID.
Now it is the case (and we are already a bit used to it) that both the UI of the ctrlX Core and the screen generated by Web-IQ are opened with this message. You don't want this with an end user. What needs to be done to stop getting this message. How and where to create this security certificate. Where should it be installed.
Solved! Go to Solution.
In the case of the ctrlX CORE Web UI, you can follow these instructions (see PDF attached) to generate a certificate and key. You will need to install both in the CORE and the certificate in the browser you plan to view the web server with. (Thanks to @bostroemc)
For WebIQ, a different process is required. Here are the instructions from WebIQ on the topic. You may not be able to access them without a SmartHMI account.
Here is another forum post about WebIQ TLS and the CORE.
Here is an article on accessing data from a seperate web server in a WebIQ application.
Actually I don't see this directly related or caused by WebIQ. Please see here:
The source of the problem is that you either used a self-signed certificate for the TLS certificate or used a custom CA where the root certificate of the custom CA has not been imported into the browser OS certificate storage.
This is normal browser behavior as it does not know the certification authority used for signing the specific certificate.
The issue is between your TLS certificate and the user's browser. WebIQ just delivers your certificate.
Did you use a self-signed certificate or a custom CA for creating the certificate?
Some further info: a browser requires a certificate to be signed by a known and valid certification authority, so either you create your own CA for that - then you'd have to import the CA root certificate into the certificate storage on all devices that should be able to access the HMI - or you use an FQDN by registering a public domain for your HMI - then you can use normal TLS certificates that don't show any warnings in the browser on any end device, however you always have to renew the TLS certificate at least once a year.
Please note that you cannot purchase official TLS certificates for IP addresses, only for fully-qualified domain names. This is valid for WebIQ as for any other website on the internet - technically, there's absolutely no difference here.
This has nothing to do with WebIQ, it's not WebIQ that's showing the error, it's your web browser. WebIQ Designer does not show any certificate errors because it's not using TLS.
Though you can disable these safety warnings in a web browser I highly discourage you from doing that for security reasons.
The errors occur because you have setup a not officially trusted certificate which is what your browser complains about. It's exactly the same issue you experience with any other website when you're using not officially signed TLS certificates.
@HmiGuide If you've been getting the exact error Message: NET :: ERR_CERT_AUTHORITY_INVALID (not any other, we have to be careful here to not mixup things) then it is definitely not caused by WebIQ, but by the certificate itself.
For other TLS error message this might occur due to using the wrong certificate files or not fitting TLS ciphers in the configuration settings.
As there was no response but topic seems still to be open:
The similar problems mentioned by @HmiGuide were caused by iframe integration in HMI screens and restrictive behavior of chrome/chromium based browsers. These are solved by using ctrlX CORE version 1.20 and WebIQ version 2.14. In that case the HMI is fully integrated in our reverse proxy and both sources are collected to a single one.