FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
Dear Community User! We have started the migration process.
This community is now in READ ONLY mode.
Read more: Important
information on the platform change.
11-07-2023 09:46 AM
SSL certificate authentication failed, continue loading? -error message appears during the boot of the core with webiq server installed. Is there a solution where to set the ssl? Please advise.
11-07-2023 09:37 PM - edited 11-07-2023 09:38 PM
Hello,
What versions of ctrlX CORE firmware and WebIQ runtime are you using? SSL support in WebIQ was removed and replaced with TLS.
Documentation on WebIQ TLS: WebIQ TLS
In newer versions of the WebIQ runtime application, an HTTPS connection to the WebIQ application can be made via the ctrlX OS reverse proxy. You can create and install the TLS certificate following this process: ctrlX OS HTTPS
@CodeShepherd This should probably be moved to WebIQ sub.
11-08-2023 08:11 AM
The message is not a WebIQ message, this seems to come from ctrlX itself maybe?
Also, the message states "SSL Certificate authentication failed" - "certificate authentication" rather than "certificate verification" which sounds more like some more internal thing? It also doesn't bring up a lot of results on Google.
The user also pointed out that it "appears during the boot of the core" - maybe this is something unrelated to WebIQ?
11-08-2023 08:39 AM
@abene please always add pictures of the complete screen so we can see what the problem is related to.
Which HMI are you using?
Which path do you try to open and how do try to do that?
Please check also the topic "WR21 in kiosc mode does not refresh ctrlX CORE´s IP" for some other information about booting topics of HMI.
11-08-2023 08:39 AM
Hi there, thanks for responding. Below is the current app config on CtrlX Core.
1.20.0
Automation Core
Basic automation functionalities
2.15.3
WebIQ Server App (Runtime App)
11-08-2023 08:43 AM
I am using the WR207W HMI. In Kiosk the following path is set:
https://111.111.111.111/webiq/webiq-ctrlx-template-v0
11-08-2023 09:03 AM
Are you intentionally using a public IP address on the internet associated with a company in Japan for running your ctrlX?
whois 111.111.111.111
% [whois.apnic.net]
inetnum: 111.96.0.0 - 111.111.255.255
netname: KDDI
descr: KDDI CORPORATION
descr: Garden Air Tower,3-10-10,Iidabashi,Chiyoda-ku,Tokyo,102-8460,Japan
I assume you rather want to use an internal IP address for your network - in this case you cannot use arbitrary IP addresses - there is only a certain number available: https://en.wikipedia.org/wiki/Private_network - the IP address 111.111.111.111 would be routed to the internet automatically, not to your network. You can use 10.*.*.* or 192.168.1.* for example.
I don't know if this could cause this issue, just wanted to point this out.
11-08-2023 09:44 AM - edited 11-08-2023 10:41 AM
There is more detailed info I can provide after testing different options.
1. The "SSL certificate authentication failed, continue loading?" -error message only occurs when using the "Kiosk" as default android app after power-up.
When "Chromium" is set to the same destination start address (https://abc.def.ghi.jkl/webiq/webiq-ctrlx-template-v0) in this case, there is no issue with the error message, however the connection remains unsafe, http vs https.
2. Now the issue is how to run "Chromium" in full-screen, kiosk-like mode.
3. The problem with not synchronized startups between CtrlX-Core and HMI running android still remains, see my related post https://developer.community.boschrexroth.com/t5/Smart-HMI-WebIQ-Designer-and/WEBIQ-4008-ctrlX-WebIQ-...
(* Sorry, the IP in previous post was just an example I randomly put in the command. The actual address of course is the core static assigned permanent address.)
11-08-2023 01:18 PM
@abene On point number 2: Could you explain a bit more what you mean by "the connection remains unsafe, http vs https"?
The connection to a ctrlX CORE in general is encrypted and safe. What you could see is, that browser tells you the certificate serverd is self signed (as it is by the controller) and so connection is not trusted and could be unsecured. Please see "How to make an HTTPS connection with ctrlX OS Web Server" for how to create own certificates and import them into the ctrlX CORE and your browser to establish a trusted connection.
11-08-2023 01:33 PM
Hi there and thanks for the answer. Instead of "unsafe" I should put "unsecured or not trusted" as the browser clearly shows. I will try to configure the certificates as described in the guide.
The issue here really is
1. how can this configuration be done in case of Chromium browser or Kiosk running on the ctlX HMI
2. In case Chromium is used, how can it run in full-screen, kiosk-like mode
3. The startup time synchronization is solved using the recommended startup.html addition until a firmware update addresses the problem.
https://developer.community.boschrexroth.com/t5/Smart-HMI-WebIQ-Designer-and/WEBIQ-4008-ctrlX-WebIQ-...
11-17-2023 06:11 PM
I believe this is the same issue that I posted about here. As I mentioned in my most recent reply, I don't believe this is related to WebIQ. Do you also see the same security message if you direct the WebStation to your ctrlX core web UI?
12-18-2023 04:59 PM
Hello,
unfortunately I have the same problem: in kiosk mode the warning "SSL certification failed, continue loading?" appears immediately after restarting the system.
After confirming the warning with continue, the interface opens normally and I can operate the system.
However, it is unpleasant that the message always appears.
What exactly is the solution in this case?
HMI:
MNR: R11411947 FD: 22W33 (7260)
Android version 10
Kios App V1.0.6
WebIQ Server App 2.15.3
OPC UA Server 1.20.3
05-10-2024 01:28 PM
Hello,
I have the same problem with a customer. When he tries to connect to the HMI (based on webIQ) he gets the message "SSL certificate authentication failed". I would like to know if it is possible to delete this message.
I tried installing a certificate on the ctrlX HMI device and on the ctrlX Core. After a successful installation, the main page of the 192.168.4.183 ctrlX Core no longer asks to accept the certificate as usually happens. But the HMI page (based on the same address 192.168.4.183) still displays the SSL certificate popup.
ctrlX version 1.20
ctrlX HMI WR21
05-10-2024 02:00 PM
Hello @davifas ,
Which version of WebIQ runtime is installed on the ctrlX CORE? SSL support was dropped in WebIQ a number of versions back. See this note from the documentation. TLS is now used as standard.
05-13-2024 12:03 PM - edited 05-13-2024 12:04 PM
Hello @Sgilk,
thanks for your reply. Customer has the following configuration:
Should we update WebIQ Designer?
05-13-2024 02:53 PM
@davifas ,
I think you are at a sufficient version that it is not the cause of the message. I think this might be a problem with the certificate manager in the panel and not with WebIQ configuration.