Fix error conditions

1. I enabled SSL and logged in using a secure connection, but the platform icon does not include the lock symbol. Why did the JACE boot with a connection that is not secure?
2. I enabled SSL and logged in using a secure connection. The platform icon shows the lock symbol, but no communication is occurring.
3. I’m using a signed server certificate, but the message “Unable to verify host identity” still appears when connecting to the platform.
4. My JACE or Supervisor private key has been compromised, what should I do?
5. For months I have been able to log in without being prompted to accept a certificate. All of a sudden the software is asking me to accept the certificate again.
6. When importing a client certificate into a client Trust Store I get the message, “The ‘Import’ command encountered an error.”
7. I’m trying to get two stations to connect and it’s not working.
8. We use self-signed certificates. All hosts are approved in the Allowed Hosts list, and we’ve been able to connect to our JACEs without getting the message that our hosts are not trusted. All of a sudden we’re getting that message again. What happened?
9. I configured SSL and supplied one or more certificates, but I cannot make a secure connection to the station.
10. I get the following message when I attempt to log in to a secure station:

1.	I enabled SSL and logged in using a secure connection, but the platform icon does not include the lock symbol. Why did the JACE boot with a connection that is not secure?
	Most likely there is something wrong with the certificate. If a certificate fails, or for any reason SSL does not enable, rather than lock you out of the platform, the system enables a connection without security. Reset the JACE. If you have to replace or reset a JACE, assuming you exported the keys, you can import them to the reset JACE.
2.	I enabled SSL and logged in using a secure connection. The platform icon shows the lock symbol, but no communication is occurring.
	A port may be blocked or ignored by your firewall or secure router. See About TCP ports for the list of default port numbers. Consult your firewall or router documentation for a list of blocked ports, then either unblock the port in the firewall or router, or change the port using Workbench.
3.	I’m using a signed server certificate, but the message “Unable to verify host identity” still appears when connecting to the platform.
	The server certificate does not have a matching public key in the Trust Store. Import the root certificate into the Trust Store.
4.	My JACE or Supervisor private key has been compromised, what should I do?
	Get on site as quickly as possible. Take the entire network off the internet. Reset each JACE and configure security again creating and signing all new certificates.
5.	For months I have been able to log in without being prompted to accept a certificate. All of a sudden the software is asking me to accept the certificate again.
	The problem may be caused by one or more of the following: The Workbench client may no longer contain the host’s certificate in the Trust Store (for whatever reason). Check the certificate and import as needed. The certificate may have expired or changed and a new certificate needs to be imported into the Trust Store. To be on the safe side, clear the stores and have the platform generate a new certificate and key pair. Then, either get the new certificate signed and import it into the Trust Store or approve it in the Allowed Hosts list. There may be a problem with the Fox port. Check the Fox Service on the Client NiagaraNetwork to ensure the correct Fox port: 4911 for Foxs; 1911 for Fox.
6.	When importing a client certificate into a client Trust Store I get the message, “The ‘Import’ command encountered an error.”
	Check the certificate and re-create it if necessary. Click the Details button to view the Workbench console. You may be attempting to import a private key into the Trust Store. This cannot be done.
7.	I’m trying to get two stations to connect and it’s not working.
	If this is the first time you are making this connection, check the Allowed Hosts list. The station serving as the client may not have a certificate in its Trust Store for the station that is serving as the server. In the Allowed Hosts list, select the certificate and click Approve. Make sure the certificate has the correct name and port number in the Host column.
8.	We use self-signed certificates. All hosts are approved in the Allowed Hosts list, and we’ve been able to connect to our JACEs without getting the message that our hosts are not trusted. All of a sudden we’re getting that message again. What happened?
	If the IP address of the JACEs changed, the entry in the Allowed Hosts list is no longer valid.
9.	I configured SSL and supplied one or more certificates, but I cannot make a secure connection to the station.
	When you begin the process you connect to the station using a standard Fox connection that is not secure. Once SSL is configured, you must right-click on the station and disconnect all Fox sessions, then reconnect to the station using Foxs.
10.	I get the following message when I attempt to log in to a secure station: Figure 30. Login error
	Either secure Web Service (Https) is enabled (set to true) and Foxs is not enabled, or Foxs is enabled and Https is not. For a secure connection, both Https Enabled and Foxs Enabled must be set to true. To check and change these properties, see Enable SSL for the Supervisor and JACE stations.