What is the recommended method of loading a signed certificate for https WBM on the PFC200 to avoid having the warning message in the browser?
This is needed because enabling http no longer works for the WebVisu, only the WMB page(s). If using a web panel, then you will get the cert warning message when the machine starts.
Hi Kurt,
The cybersecurity manual of PFC have a dedicated chapter, p. 45.
This method uses XCA software, but this is also possible using openssl.
I’ll connect to this topic too.
I’ve been lazy so far as well and just switched on http.
Even if generating your own certificates is not complicated I always seen an obstacle in front of me in regard to use of Apple’s handheld devices.
To open any visu there user would need to import a root CA certificate that he/she created in the first place…
How this is done in “real life” applications and not on the desk? Anyone who has experience with such case?
To avoid a manual installation of certificates on each client, a certificate signed by a CA is mandatory.
You can either buy one (for each server), or, if you can provide an Internet access to the server (PFC) you can use a free solution like Let’s Encrypt. But certificates need to be update every 90 days so you need to find a solution for automatic cert update. There are a lot of implementation :
For compatibility purpose, I suggest a Docker application, for instance acme.sh.
Since the certificate is based on the hostname, you need a DNS.
Thanks for quick reply.
In my “real life” application one restriction was not defined - no access to internet in the network in question.
Inability of granting “exclusions” in iOS nowadays is a pain…
I tried to do it the right way but I ran out of time, I’m using a Chromium based display, so I just added the following flags to the browser start:
–ignore-certificate-errors --ignore-urlfetcher-cert-request