If https is being used in server to server communication, the SSL certificates are now being validated when a connection is set up between 2 servers.
If the SSL certificate fails, the validation the default behaviour is to issue a system alarm informing the user of the invalid certificate being used.
In the control panel, it is possible to change this behaviour to
Do nothing
Send alarm
Stop Communication
Send alarm and stop communicating
If you are using the default certificates distributed with the EBO installation, these certificates will always fail the validation since they are self-signed and cannot be validated against a CA certificate.
In order to supply certificates that can be validated you need to perform some steps in the Device Administrator for the automation servers and some manual steps in Windows for the Windows servers.
You need to create server certificates that have been signed by a CA certificate.
For servers exposed to public networks usually a commercial certificate is being used, obtained from a trusted certificate authority.
For servers on private isolated networks, self-signed CA certificates can be used.
In the Device Administrator CA certificates can now be downloaded to the automation server.
For Windows servers, you instead add them to the Windows certificate store.
The server certificate that has been signed with the CA certificate is also downloaded via Device Administrator to automation servers.