• Recent
    • Tags
    • Popular
    • Register
    • Login

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website Mango 5 Documentation Website

    External IP

    Mango General
    6
    18
    6.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sky_watcher @MattFox
      last edited by

      @mattfox The IP address is static IP address, thanks!

      1 Reply Last reply Reply Quote 0
      • S
        sky_watcher @phildunlap
        last edited by

        @phildunlap It's a good example of IP adress :))

        Whoa, are those nine and ten bit octets I see :P

        I've looked at this link: https://help.infiniteautomation.com/installation-configuration/ and at SSL Settings it said something about keystore, but I couldn't find on my MangoES the keystore, any idea why?

        Thanks!

        1 Reply Last reply Reply Quote 0
        • phildunlapP
          phildunlap
          last edited by

          Partly because the help page said "keystore.exe" when it should have said "keytool.exe" I would bet. The keytool command may already be on the path, so no need to navigate to the file. But, MangoES units do not come with a self-signed certificate in a keystore ready to go, so you need to generate it and then configure the SSL settings to point at that keystore.jks file.

          S 1 Reply Last reply Reply Quote 0
          • S
            sky_watcher @phildunlap
            last edited by phildunlap

            @phildunlap So this means that if I login with SSH and run this command: keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changei -validity 365 -keysize 1024 than I can give the answer to the question from that help?

            1 Reply Last reply Reply Quote 0
            • phildunlapP
              phildunlap
              last edited by

              That command will create the keystore file, yes. Had some weird formatting though, so I edited your post. You may want to use a different storepass than "changei" (or omit that argument to have it ask for that, first)

              S 1 Reply Last reply Reply Quote 2
              • CraigWebC
                CraigWeb
                last edited by

                Hi @sky_watcher

                Just for your information, browsers will not recognise a self signed certificate. your browser will give a warning saying the certificate is not trusted. Not the end of the world if the server is just for yourself. If you want the green lock on the URL you'll need to purchase a certificate from a registered CA.

                MattFoxM 1 Reply Last reply Reply Quote 0
                • MattFoxM
                  MattFox @CraigWeb
                  last edited by

                  The other option is to use let's encrypt's certbot certificate authority. Install that on mango and validate with the dns option. @phildunlap is there not a way to import a signed cert into the Java SSL script that you are talking about?

                  Am also happy to show how to reverse proxy with Apache 2 for those who are interested...

                  Do not follow where the path may lead; go instead where there is no path.
                  And leave a trail - Muriel Strode

                  phildunlapP 1 Reply Last reply Reply Quote 0
                  • S
                    sky_watcher @phildunlap
                    last edited by

                    @phildunlap I executed that command and I made changes to env.properties file. But after reboot I couldn't connect to the web, so I restored back the env.properties file and now is working.

                    Those errors I got when I couldn't connect to the web:

                    0_1534787307114_2018-08-20_20-34-26.jpg

                    And this one was in the ma.log file:
                    0_1534787335596_2018-08-20_20-38-19.jpg

                    1 Reply Last reply Reply Quote 0
                    • phildunlapP
                      phildunlap @MattFox
                      last edited by

                      @mattfox

                      is there not a way to import a signed cert into the Java SSL script that you are talking about?

                      There is! Here's my little note scratches about how to do that... Step 0 is submit a CSR and get a certificate bundle back.

                      1. openssl pkcs12 -export -certfile server.ca-bundle -inkey server.key -in server.crt -name NAME -out keystore.p12 -passout pass:morethan6c
                      
                      1a. cd to your jdk/bin folder
                      
                      2. sudo ./keytool -importkeystore -destkeystore /path/to/keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -alias NAME -srcstorepass morethan6c
                      3. Enter destination keystore password: morethan6c
                      
                      Now you have a keystore.jks file, 
                      
                      4. copy this into your Mango/overrides/properties directory.
                      5. Edit your Mango/overrides/properties/env.properties file such that...
                      
                      ssl.on=true
                      ssl.port=443
                      ssl.keystore.location=/path/to/Mango/overrides/properties/keystore.jks
                      ssl.keystore.password=morethan6characters
                      
                      5a. Add the APLN script into the ext-enabled folder
                      6. Restart Mango
                      7. Success!
                      
                      1 Reply Last reply Reply Quote 1
                      • MattFoxM
                        MattFox
                        last edited by

                        Gent and a scholar, thanks!

                        Do not follow where the path may lead; go instead where there is no path.
                        And leave a trail - Muriel Strode

                        1 Reply Last reply Reply Quote 0
                        • phildunlapP
                          phildunlap
                          last edited by

                          @sky_watcher

                          Can you share your web.port and ssl.port from your env.properties? Have you tried clearing your browser cache?

                          The warning you shared suggests there isn't a jetty-alpn-agent.jar in the Mango/boot directory perhaps. Enabling ALPN takes advantage of HTTP/2 but you may need to move the enable-alph extension script from your Mango/bin/ext-available to Mango/bin/ext-enabled/ to get the benefits. SSL is required to be enabled, as well.

                          S 2 Replies Last reply Reply Quote 0
                          • S
                            sky_watcher @phildunlap
                            last edited by sky_watcher

                            @phildunlap web port is 8888 and ssl port is 8443.

                            Yes, I've cleared the cash.

                            1 Reply Last reply Reply Quote 0
                            • S
                              sky_watcher @phildunlap
                              last edited by

                              @phildunlap I moved enable-alph extension script to ext-enable folder, and also I made the SSL settings like before but I get the same errors and I couldn't navigate to the web page.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post