Issue
The following issues have been seen when attempting to add and generate SSL Certificates via Device Administrator.
- Servers appeared as "unknown” in the Device Administrator server list, even though the certificate state is shown as "OK”. (green tick)
- The Server Certificates option is greyed out.
- Selecting Server Certificates in Device Administrator (when available) displays an error:
- Unable to get certificates from the device. Reason: Failed to read property ~/System/Security Manager/Certificates/ActiveCertificate. AttributeError: 'ConnectionRefusedError' object has no attribute 'library.'
Product Line
EcoStruxure Building Operation.
Environment
- EcoStruxure Building Operation server
- Building Operation Device Administrator
- Certificates enabled; HTTPS required end-to-end
Cause
The issue occurs due to an HTTPS port mismatch:
- Servers were added in Device Administrator using port 443, but were actually communicating on a different HTTPS port (e.g., 445).
- This port change is typically made via the Communications tab in WorkStation and does not automatically update in Device Administrator.
- Device Administrator does not validate the HTTPS port during server addition because it uses SSH and admin credentials for initial connection. However, certain features (such as certificate management) require the correct HTTPS port to be configured.
Resolution
From WorkStation check the Communication tab for all servers:
- Ensure HTTPS is enabled between all EBO servers when using certificates.
- Confirm the active HTTPS communications port configured on each server (e.g., 445)
In Device Administrator
- On affected servers, remove and re-add them in Device Administrator using the correct HTTPS port.
- After re-adding, manage Server Certificates in Device Administrator as usual.
See:
Certificates Managed using Device Administrator
Certificates Managed Using WorkStation
Additional Note:
Changing communication ports impacts connectivity and certificate bindings. Before modifying ports, confirm firewall rules, service bindings, and any reverse proxies. Always perform changes during a maintenance window and ensure full backups are available.
