A browser connection to an I/A Series G3 graphic indicates There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.

Issue

A browser connection to an I/A Series G3 graphic indicates "There is a problem with this website's security certificate.  The security certificate presented by this website was not issued by a trusted certificate authority."

Certificate error

Product Line

TAC I/A Series

Environment

I/A Series G3 (builds 3.6 and earlier)

Cause

The message is related to the I/A Series G3 Crypto Service that provides Secure Socket Layer (SSL) technology between a browser and an ENC or ENS with web services.  SSL encrypts the http for communications security.  Security certificates are used as part of the https protocol to validate the targeted website and encrypt the data transferred between the browser and the site.

Resolution

The certificate included with the I/A Series G3 Crypto Service is a Tridium certificate, which is valid through 2054. The certificate is self-signed and the browser cannot validate it's authenticity with a trusted root certificate. Depending upon the browser and administration of rights, some browsers will let you add the certificate so that the message is not seen again. Other browsers will not, causing the message to be seen upon each connection to the website.

One option available to network administrators is to generate a site specific certificate that identifies the server as trusted.  The following document details a step by step process utilizing the SSL resources of the standard Java Runtime Engine (JRE).  The TridiumProvider.jar is also provided.

Note: Do not use the JRE installed and used by Niagara G3.  The JRE for the computer is typically located in the \Program Files\Java directory.

The process involves adding a security provider to the local java.security file followed by the generation of a key pair with the user's information.  A certificate is then generated to provide the Certificate Authority.  Once signed and returned, the signed certificate is used to generate and package a custom site specific ssl.tks file for G3.

SSL Installing a Signed Cert (3.6 and earlier) updated 9-5-2012
TridiumProvider.zip