Sign in with
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL certificate authentication failed, continue loading?

SSL certificate authentication failed, continue loading?

abene
Member

‎11-07-2023 09:46 AM

SSL certificate authentication failed, continue loading? -error message appears during the boot of the core with webiq server installed. Is there a solution where to set the ssl? Please advise.

Preview file
1015 KB
0 Likes
Reply
11 REPLIES 11

Sgilk
Contributor

‎11-07-2023 09:37 PM - edited ‎11-07-2023 09:38 PM

Hello,

What versions of ctrlX CORE firmware and WebIQ runtime are you using? SSL support in WebIQ was removed and replaced with TLS.

Documentation on WebIQ TLS: WebIQ TLS 

In newer versions of the WebIQ runtime application, an HTTPS connection to the WebIQ application can be made via the ctrlX OS reverse proxy. You can create and install the TLS certificate following this process: ctrlX OS HTTPS

@CodeShepherd This should probably be moved to WebIQ sub.

0 Likes
Reply

webiq-sk
Frequent Contributor

‎11-08-2023 08:11 AM

The message is not a WebIQ message, this seems to come from ctrlX itself maybe?
Also, the message states "SSL Certificate authentication failed" - "certificate authentication" rather than "certificate verification" which sounds more like some more internal thing? It also doesn't bring up a lot of results on Google.

The user also pointed out that it "appears during the boot of the core" - maybe this is something unrelated to WebIQ?

0 Likes
Reply

CodeShepherd
Community Moderator
Community Moderator

‎11-08-2023 08:39 AM

@abene please always add pictures of the complete screen so we can see what the problem is related to.

Which HMI are you using?
Which path do you try to open and how do try to do that?

Please check also the topic "WR21 in kiosc mode does not refresh ctrlX CORE´s IP" for some other information about booting topics of HMI.

0 Likes
Reply

abene
Member
In response to Sgilk

‎11-08-2023 08:39 AM

Hi there, thanks for responding. Below is the current app config on CtrlX Core.

1.20.0
Automation Core
Basic automation functionalities

2.15.3
WebIQ Server App (Runtime App)

0 Likes
Reply

abene
Member
In response to CodeShepherd

‎11-08-2023 08:43 AM

I am using the WR207W HMI. In Kiosk the following path is set:
https://111.111.111.111/webiq/webiq-ctrlx-template-v0

0 Likes
Reply

webiq-sk
Frequent Contributor
In response to abene

‎11-08-2023 09:03 AM

Are you intentionally using a public IP address on the internet associated with a company in Japan for running your ctrlX?

whois 111.111.111.111
% [whois.apnic.net]

inetnum: 111.96.0.0 - 111.111.255.255
netname: KDDI
descr: KDDI CORPORATION
descr: Garden Air Tower,3-10-10,Iidabashi,Chiyoda-ku,Tokyo,102-8460,Japan

I assume you rather want to use an internal IP address for your network - in this case you cannot use arbitrary IP addresses - there is only a certain number available: https://en.wikipedia.org/wiki/Private_network - the IP address 111.111.111.111 would be routed to the internet automatically, not to your network. You can use 10.*.*.* or 192.168.1.* for example.

I don't know if this could cause this issue, just wanted to point this out.

 

0 Likes
Reply

abene
Member
In response to webiq-sk

‎11-08-2023 09:44 AM - edited ‎11-08-2023 10:41 AM

There is more detailed info I can provide after testing different options.


1. The "SSL certificate authentication failed, continue loading?" -error message only occurs when using the "Kiosk" as default android app after power-up.
When "Chromium" is set to the same destination start address (https://abc.def.ghi.jkl/webiq/webiq-ctrlx-template-v0) in this case, there is no issue with the error message, however the connection remains unsafe, http vs https.
2. Now the issue is how to run "Chromium" in full-screen, kiosk-like mode.


3. The problem with not synchronized startups between CtrlX-Core and HMI running android still remains, see my related post https://developer.community.boschrexroth.com/t5/Smart-HMI-WebIQ-Designer-and/WEBIQ-4008-ctrlX-WebIQ-...

(* Sorry, the IP in previous post was just an example I randomly put in the command. The actual address of course is the core static assigned permanent address.)

0 Likes
Reply

CodeShepherd
Community Moderator
Community Moderator
In response to abene

‎11-08-2023 01:18 PM

@abene On point number 2: Could you explain a bit more what you mean by "the connection remains unsafe, http vs https"?
The connection to a ctrlX CORE in general is encrypted and safe. What you could see is, that browser tells you the certificate serverd is self signed (as it is by the controller) and so connection is not trusted and could be unsecured. Please see "How to make an HTTPS connection with ctrlX OS Web Server" for how to create own certificates and import them into the ctrlX CORE and your browser to establish a trusted connection.

 

0 Likes
Reply

abene
Member
In response to CodeShepherd

‎11-08-2023 01:33 PM

Hi there and thanks for the answer. Instead of "unsafe" I should put "unsecured or not trusted" as the browser clearly shows. I will try to configure the certificates as described in the guide.
The issue here really is
1. how can this configuration be done in case of Chromium browser or Kiosk running on the ctlX HMI
2. In case Chromium is used, how can it run in full-screen, kiosk-like mode

3. The startup time synchronization is solved using the recommended startup.html addition until a firmware update addresses the problem.
https://developer.community.boschrexroth.com/t5/Smart-HMI-WebIQ-Designer-and/WEBIQ-4008-ctrlX-WebIQ-...

0 Likes
Reply

bkautzman
Established Member
In response to abene

‎11-17-2023 06:11 PM

I believe this is the same issue that I posted about here. As I mentioned in my most recent reply, I don't believe this is related to WebIQ. Do you also see the same security message if you direct the WebStation to your ctrlX core web UI?

0 Likes
Reply

V_A
Established Member
In response to bkautzman

‎12-18-2023 04:59 PM

Hello,
unfortunately I have the same problem: in kiosk mode the warning "SSL certification failed, continue loading?" appears immediately after restarting the system.
After confirming the warning with continue, the interface opens normally and I can operate the system.
However, it is unpleasant that the message always appears.
What exactly is the solution in this case?

HMI:
MNR: R11411947 FD: 22W33 (7260)
Android version 10
Kios App V1.0.6
WebIQ Server App 2.15.3
OPC UA Server 1.20.3

0 Likes
Reply

OK
OK
Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist