FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
08-02-2023 03:26 PM
Hello all,
When a screen layout is generated with WebIQ, for example, a URL is created with a secure adres.
This is a secure URL. The server on the ctrlX Core displays the site, which is opened with an external web browser (panel). The customer's screen (in this case an Eton panel) usually requires a security certificate.
This gives an annoying message at startup: Message: NET :: ERR_CERT_AUTHORITY_INVALID.
Now it is the case (and we are already a bit used to it) that both the UI of the ctrlX Core and the screen generated by Web-IQ are opened with this message. You don't want this with an end user. What needs to be done to stop getting this message. How and where to create this security certificate. Where should it be installed.
Solved! Go to Solution.
08-02-2023 06:18 PM - last edited on 08-25-2023 02:55 PM by CodeShepherd
Hi JohsH,
In the case of the ctrlX CORE Web UI, you can follow these instructions (see PDF attached) to generate a certificate and key. You will need to install both in the CORE and the certificate in the browser you plan to view the web server with. (Thanks to @bostroemc)
For WebIQ, a different process is required. Here are the instructions from WebIQ on the topic. You may not be able to access them without a SmartHMI account.
Here is another forum post about WebIQ TLS and the CORE.
Here is an article on accessing data from a seperate web server in a WebIQ application.
08-03-2023 09:12 AM
Actually I don't see this directly related or caused by WebIQ. Please see here:
https://www.hostinger.com/tutorials/err_cert_authority_invalid
The source of the problem is that you either used a self-signed certificate for the TLS certificate or used a custom CA where the root certificate of the custom CA has not been imported into the browser OS certificate storage.
This is normal browser behavior as it does not know the certification authority used for signing the specific certificate.
The issue is between your TLS certificate and the user's browser. WebIQ just delivers your certificate.
Did you use a self-signed certificate or a custom CA for creating the certificate?
08-03-2023 01:20 PM
Some further info: a browser requires a certificate to be signed by a known and valid certification authority, so either you create your own CA for that - then you'd have to import the CA root certificate into the certificate storage on all devices that should be able to access the HMI - or you use an FQDN by registering a public domain for your HMI - then you can use normal TLS certificates that don't show any warnings in the browser on any end device, however you always have to renew the TLS certificate at least once a year.
Please note that you cannot purchase official TLS certificates for IP addresses, only for fully-qualified domain names. This is valid for WebIQ as for any other website on the internet - technically, there's absolutely no difference here.
08-03-2023 03:45 PM
I agree. I was just trying to provide some guidance on configuring WebIQ to utilize the certificate for TLS.
08-15-2023 02:38 PM
do we not just have the option to ignore certificates, at least in the designer?
08-15-2023 02:59 PM
This has nothing to do with WebIQ, it's not WebIQ that's showing the error, it's your web browser. WebIQ Designer does not show any certificate errors because it's not using TLS.
Though you can disable these safety warnings in a web browser I highly discourage you from doing that for security reasons.
The errors occur because you have setup a not officially trusted certificate which is what your browser complains about. It's exactly the same issue you experience with any other website when you're using not officially signed TLS certificates.
08-15-2023 05:55 PM
Ahh, i see this is different from what I am seeing. I will start a new topic. The error I am seeing is when WebIQ designer loads.
08-18-2023 07:21 AM
We had similar problems until we used the reverse proxy, which is available since 2.14 of WebIQ. For more info on reverse proxy see: HowTo-view-content-from-mutiple-webServers-in-one-web-page
08-18-2023 07:37 AM
@HmiGuide If you've been getting the exact error Message: NET :: ERR_CERT_AUTHORITY_INVALID (not any other, we have to be careful here to not mixup things) then it is definitely not caused by WebIQ, but by the certificate itself.
For other TLS error message this might occur due to using the wrong certificate files or not fitting TLS ciphers in the configuration settings.
08-25-2023 02:22 PM - edited 08-25-2023 02:56 PM
As there was no response but topic seems still to be open:
@JohsH Could you add a more detailed explanation what you are doing? I also think we need to separate things like @webiq-sk mentioned.
For general warning when accessing ctrlX CORE web UI see attachment in the first answer of @Sgilk.
The similar problems mentioned by @HmiGuide were caused by iframe integration in HMI screens and restrictive behavior of chrome/chromium based browsers. These are solved by using ctrlX CORE version 1.20 and WebIQ version 2.14. In that case the HMI is fully integrated in our reverse proxy and both sources are collected to a single one.