A
AndroidzZ
·Posted in ctrlX PLC

Web Server certificate expire on core

Hello there,

since a couple of days when I login into the core via PLC engineering a message that a certificate is expirering, see attachment. I dont recall saving the Web Server certificate on the core (see attachment). Can somebody tell me what for this certificate is and if i should renew this. If so, with which application is this certificate associated and how to renew?

Thanks in advance.

Warm regards,

Rob

Best reply by Yvonne

Hi AndroidzZ

This certificate seems to be auto-generated in the codeysys-RT certificate environment, and cannot be managed from the ctrlX core certificate environment. (We confirmed in the certificates menu of the ctrlX core web interface, that this expiration date does not refer to the web server certificate of the ctrlX core, which has a lifetime of 15 years by default)

You can renew the certificate by accessing the codesys-RT certificate store with the PLC shell in ctrlX PLC Engneering:

  • Open the PLC shell

  • Verify the number of the app by entering 'cert-getapplist' in the command line
  • Enter “cert-genselfsigned [<number retrieved by "cert-getapplist"> <expdays=>]”, so if you want to generate a certificate for secure communication (CmpSecureChannel) which is valid for 1 year, then enter "cert-genselfsigned 1 365"

  • Enter "cert-getcertlist" to view all certificates
  • Remove the old certificate with "cert-remove own <nr>" (the number can be found with the cert-getcertlist command)

If this does not work, you can also delete the existing web server certificate (cert-getcertlist --> cert-remove own <nr>), then a new one is generated automatically with a validity of 50 years. (This method only works if there is no web server certificate left on the core - maybe you need to remove more then one certificate to achieve this)

View original
WebServer expire.png
64.57KB
CERTIFICATE
CTRLXCORE
CTRLXPLC ENGINEERING
2 replies