Setup a FREE SSL Certificate for a Niagara Jace or Supervisor

by

Posted on

niagara 4 ssl certificate


I recently put up a post saying there still so many sites still not using SSL. SSL Certificates are free and there are vast number of benefits you’re missing out on. Not only are there obvious security benefits, you also get caching, it provides trust, and gives your customers peace of mind when they visit the page.

Few things you need before we start:

1. Setup a Cloudflare account (FREE)
2. JACE or Web Supervisor
3. Firewall Access with Static IP
4. A Domain Name with DNS admin rights


Lets Begin:

Sign up for Cloudflare

Cloudflare is FREE and they have data centers all over the world. When a visitor loads up a page the closest data center will serve the data using its dynamic caching capabilities. I’ll demonstrate this in a bit. They have vast amount of options on their dashboard including analytics.


JACE or Web Supervisor

On your JACE or Web Supervisor make sure you have HTTPS enabled in the web services configuration:

niagara web services


Firewall Access and Static IP

Hopefully, you have access to your firewall routing so you can allow external traffic through to your JACE or Web Supervisor. A very simple rule for HTTP and HTTPS would look something like this:

niagara web firewall

This is basically saying any external traffic on port 80 (HTTP) and port 443 (HTTPS) should go to the server/pc 192.x.x.x. which is an internal IP. That machine would be listening for incoming requests on ports 80 and 443. In our case, that would be the JACE or Web Supervisor. You could setup a more complex routing scheme if you plan to have multiple supervisors pointing and have only 1 external IP. 1 static IP is enough. Most ISP’s offer this at a one-off cost usually around £5–10. We’ll use the static IP later on when we modify our domain DNS.

To verify its working correctly, enter the external IP into your browser, and hopefully you will see the station login page.


Cloudflare Configuration

The last step it to setup Cloudflare. Login to your Domain Registrar (e.g. GoDaddy), and click on the manage DNS settings to change the name servers. Cloudflare will provide you with your name servers when signing up. This process may take 2–24 hours, but it was pretty much instant when I updated them:

niagara dns



Login to Cloudflare and setup a new site. There are many options here, but we’ll start with the DNS settings:

tridium ssl



Click on DNS. Hopefully the DNS settings have go through by now. We want to set the A record to point to the external IP address of your station network we setup earlier. I setup a subdomain to point to my external IP. e.g. demo points to 8.x.x.x and the url https://demo.works-software.com should resolve correctly

n4 a record setup



Also change your SSL certificate to Full instead of Full (Strict) in the Crypto section:


n4 dashboard ssl



Benefits

Not only will you get added security for your customers, but you’ll get caching. Here is an example one of the files I require for my dashboard product. Although it is a Niagara station file, Cloudflare has automatically cached this file:


tridium security


Well, hopefully this will get you going and provide your customers with a better service.



Are you looking for a cost effective way to manage and visualize data for all your customers? Why not have a look at View Builder?

Maximize Your Graphics

Used by some of the largest companies in the world