In case of connectivity errors when HTTPS is enabled, the Chrome Developer Tools can be used to identify problems with the HTTPS setup. This helps diagnose problems that occur when connecting to j5 from Chrome and also from the j5 IndustraForm Designer, which uses an internal Chrome framework. Other browsers may implement slightly different rules.
HTTPS certificates need to conform to a changing list of rules. If your browsers or mobile devices don't accept your certificate, here are the most common issues with certificates:
-
The certificate file installed on the j5 server must include all of your intermediate and root certificates. It will not work if you only provide your server certificate.
-
If the certificate is signed internally by a corporate Certificate Authority and not by a public one, the root Certificate Authority certificate must be installed on the client machine.
-
The name on the server certificate must match the server name.
-
The key size must be at least 2048 bits.
-
The certificate can only be valid for up to 397 days.
-
The certificate must use SHA256 or higher and not SHA1, which is deprecated.
-
The certificate must use Subject Alternative Name and not Common Name, which is deprecated.
-
The j5-prod.key, j5-prod.csr, and openssl.cnf files must either be in the same folder, which is recommended, or full path must be specified to all of those files.
-
Connectivity problems are frequently caused by firewall rules.
-
It may be necessary to reissue the server certificate after resolving the problems.