Support with SCADA Software User Interface

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: I do not know. I have no idea what this is. Please excuse me as I have next to zero IT knowledge.

I basically have a software, (a SCADA) monitoring a AC Plant Parameters such as Current, Voltage, Temperature, etc.

The User Interface opens on a web browser. I use the localhost/"softwarename" to access while anyone wanting to view the data either on local network or from via the internet will enter the IP instead of localhost.

The issue is that the session that any client starts comes up as Not Secure. I need to make it HTTPS to get it working.

I am unable to even get a start.

Please guide if possible. Thanks.

I ran this command: I do not know.

It produced this output: I do not know.

My web server is (include version): I do not know.

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: The software is running on a VM in the my customer's premises.

I can login to a root shell on my machine (yes or no, or I don't know): I do not know.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

Hi, Let's Encrypt certificates can only be public DNS names like www.domain.com or system01.domain.com, but not just system01, and not localhost.

If you control DNS for that domain (you probably don't) you can get a certificate for any hostname under that domain using any ACME tool (certbot or https://certifytheweb.com etc) but you need to be able to change DNS records in the domain or hosting a public website on the domain.

Really, your customer's IT dept should be able to supply you a certificate but you need to regularly update that (at least every 90 days), so it's best to automate that if you can.

How you actually apply the certificate to the service will depend on the exact server software being used (Apache, nginx, IIS, Tomcat, something custom etc)

Your customers IT dept may also be able to generate internal certificates which are just trusted by their own computers, this is very common and doesn't require a public domain name.

Unfortunately, Let's Encrypt does not offer certificates for IP addresses.. There was support for this planned until a while ago where they removed the plan to support this I'm afraid.

There are other free SSL certificate providers out there which might (I'm not sure) support IP addresses.

Hello.
Thank you for the response.
Yes. It is not a public domain name.
I'll recheck with their IT for any possibilities.

Hi.
Thank you for the reply.
I guess buying one is the only option here.

You can also have a public DNS name that points to an internal/non-public IP, you can still get a cert for it if you use DNS validation.

Before you do that, please try ZeroSSL and/or SSL.com: they offer free certificates through their ACME API and perhaps also offer certificates for (public) IP addresses.

As I said, I have very little IT knowledge. So please excuse any wrong wording or data I give.
Instead of the IP there is a name the customer IT has given to the system to access the same page, i.e. something like this abc1-ums.abc1.

abc here are initials of the customer while UMS is the name given to the system, i.e. Utility Monitoring System.

Is this something I can utlize?
Thanks.

Thank you. I'll check these out.

Yes, you can use the name they gave you if the name ends in a real domain (like abc1-ums.abc1.com) but because of the way validation works (and because the system is not visible on the public internet) certificate validation requires changes to DNS records whenever the certificate is renewed. That's why it's probably easier for IT to provide your the certificate, because they are unlikely to give you any control over DNS.

Thank you. I did some reading over the weekend and I have some understanding now. I do have to get their IT involved for this. They need to setup the real domain as they have to expose it to the internet. Then I believe Let's Encrypt will work.

For DNS validation you just need the domain to be a real domain in DNS, it does not have to be a public website.

Given this is a SCADA system you usually don't want it to be publicly accessible via http (so you can't use http validation).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.