The certificate name must match the FrameWorX Server computer name:
NOTE: ICONICS highly recommends setting up any production servers where MobileHMI is installed to use https (rather than http) to help improve security.
See Enhanced HTTPS Security for additional options.
The following scenario assumes that the MobileHMI Server is already installed and fully functional over HTTP protocol.
Either create the Self/CA-signed certificate using the command line tool or use the CA issued and signed certificate together with the CA certificate. When using the certificate issued by CA, import it with the private key (*.pfx) into the “Local Computer -> Personal” certificate store.
The certificate name must match the FrameWorX Server computer name:
To generate a self-signed certificate, use this command:
C:\Program Files\ICONICS\GENESIS64\InstCert>makecert -n "CN=CollectorComputerName" -sr LocalMachine -ss My -r -sky exchange -pe -sk MarkContainerName
For the used certificate (CA-signed or self-signed), grant permissions to the user under which services run (e.g. ICONICS_USER).
Open MMC console and add “Local Computer” certificates.
Go to Certificates -> Personal -> Certificates.
Right-click on the created certificate – select “All Tasks” -> “Manage Private Keys”.
Add a user, which is used for the service account, and grant at least Read permissions.
Export the certificate created in step #1. Right-click “All Tasks” -> “Export”.
Using default settings (.CER without Private key)
Import the server certificate without a private key into the Local Computer/Trusted Root Certification Authorities. Also, make sure that the CA certificate is present when using CA-signed certificates.
Open IIS Manager and expand the explorer.
Right-click on Default Web Site and select “Edit Bindings”.
Add HTTPS and select the server certificate.
Restart IIS server.
Configure the connection parameters for the “Mobile Clients” tab in the FrameWorX Server Location tool according to the following figure.
Mobile Clients Over HTTPS – Connection Configuration
Log on to the client machine as any user
Open Internet Explorer and define the full anyglass AppHub URL:
https://t31-64/anyglass/projects/AppHub.ag
Add the server URL (e.g. https://ServerName/) to the “Trusted sites” list in IE, if necessary.
Now, an error related to untrusted server certificates will appear:
MobileHMI – Certificate Untrusted or Missing
Install the certificate into the Local Computer/Trusted Root Certification Authority certificate store.
Also make sure that the CA certificate is located in the Trusted Root Certification Authority store when using the CA-signed certificate or else the server certificate will be untrusted.
Close and reopen the browser/application and reconnect to the server.
Mobile Client Running Over HTTPS
Install MobileHMI application from the appropriate application store.
MobileHMI on Apple Store
Launch the application and define the MobileHMI server name or IP address.
Try to connect to the server. It fails on Connection error because of the untrusted server certificate.
Connecting without Trusting Certificate
Download and deploy the self-signed or CA certificate using the following guides according to the used mobile platform:
Email your “SelfSigned.cer” or “CA-signed.cer” certificate to the iOS device.
Open the email and tap on the attached certificate that you will be asked to install.
Enter the password and confirm installation again.
Certificate is installed you should be able to connect to the MobileHMI server again.
Copy the “SelfSigned.cer” or “CA-signed.cer” certificate to the root of the /sdcard folder inside your Android device.
Inside your Android device, Settings > Security > Install from storage.
It should detect the certificate presence and let you add it to the device.
When done, you should be able to connect to the MobileHMI server again.
Start the MobileHMI application again and connect to the server.
Connected on iOS After Setting Certificate as Trusted
Install the MobileHMI application from the Windows Store.
MobileHMI - Application on Windows Store
Launch the application and define the MobileHMI server name or IP address.
MobileHMI App – Predefined Servers
Tap on the newly added server icon to connect to the server. No certificate validation should be required or configured as all the server certificates are trusted by default
MobileHMI – Connecting to the Server
Once you connect to the server, you should be able to browse through layouts and tiles structure and see the content.
MobileHMI – Browsing Tiles and Viewing Displays
See Also: