As part of our continued product testing & evaluation programme, it has come to light that there is an issue with HTTPS connection / certificate handling which appears to be affecting the kiosk web browser apps that come bundled with all the Android-based touch screen displays that we supply, including iSMA, Vorex and SystemView units. Our initial assessment indicates that these issues are related to updates to both web components and security practices of the Android OS, as well as updates to Tridium Niagara 4 which utilise modern web server feature sets.
Specifically, each of these ranges of screens uses its own kiosk mode web browser app, but they all share a core underlying part of the Android operating system, known as the ‘WebView’ component. This is essentially the core of the Chrome browser, upon which all web-browser-style apps on the Android OS are based.
We have identified that some or all of these apps are unable to load web pages over HTTPS if a self-signed or untrusted certificate is in use. This is related to difficulties with granting third-party-developed apps access to the Android user trust store (for access to custom CA certificates) or the inability to add exceptions for, or ignore, self-signed certificates such as those that are used by a default Tridium Niagara 4 installation.
We are working with manufacturers and our own development team to find a solution to this problem, as most systems you would use these displays to browse to are now HTTPS by default and come supplied with a self-signed certificate.
*** Until we have a solution, we are advising that these displays will be supplied as supporting plain HTTP connections only and thus should only be deployed on private, secured networks as you will be required to enable plain HTTP on whatever system you are using these displays to show. ***
Note that full HTTPS functionality works as expected if a system presents a signed and trusted certificate such as those issued by major public certificate authorities; however, we understand that implementing certificates of this nature on small or private networks is not feasible in most cases. We shall provide a further update once we have identified a solution.
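
A pre-deployment check for the condition described above, as an added example that is not part of the original notice or any vendor's code: it runs a fully verified TLS handshake from a workstation and reports whether the target's certificate chains to a trusted root. The function names are hypothetical, and it assumes the workstation's trust store approximates the one on the display.

```python
import socket
import ssl

# OpenSSL verify codes meaning "the chain does not end at a trusted root".
UNTRUSTED = {
    18: "self-signed certificate",
    19: "self-signed certificate in chain (private CA)",
    20: "issuer not in the trust store",
    21: "unable to verify the first certificate",
}

def classify(verify_code, message=""):
    """Map an OpenSSL verify result to the outcome the notice describes."""
    if verify_code == 0:
        return "trusted: HTTPS should load on the display"
    if verify_code in UNTRUSTED:
        return "untrusted (%s): display may refuse HTTPS" % UNTRUSTED[verify_code]
    # Expired certificate, hostname mismatch, etc. are separate problems.
    return "other certificate problem (%s)" % (message or verify_code)

def probe(host, port=443, timeout=5.0, cafile=None):
    """Verified handshake against the system trust store, or cafile if given."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return classify(0)
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code, exc.verify_message)

if __name__ == "__main__":
    import sys
    # Usage: python check_cert.py <host> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], port))
```

Verification is never disabled here, so a result of "untrusted" reflects what a strict client sees rather than what a desktop browser with a stored exception would show.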
Regards – The One Sightsolutions R&D team
Issued 15/9/2023