Install the SSL Certificate
The SSL (Secure Sockets Layer) certificate is a file stored on the PCMM2G that enables encrypted connections (HTTPS).
- The SSL certificate is only applicable to PCMM2G.
- By default, the PCMM2G contains a certificate generated by Kollmorgen.
- The web browser shows a warning message when the connection is not secure.
- To prevent this warning, the default certificate should be replaced by creating a new certificate in the Security tab.
- This certificate must be downloaded and installed onto the PC connected to the PCMM2G.
- This user-created certificate is assigned to the PCMM2G's IP address.
- The certificate becomes invalid if this IP address is modified.
Certificate Expiration Period
- The certificate expiration period is set by the user.
- Kollmorgen recommends 365 days (1 year).
- When the expiration period is over, the certificate becomes invalid.
- The user must create and install a new certificate to prevent security warnings.
Installation Procedure
Assumptions
The PCMM2G is connected to the router or laptop.
See the PCMM2G Installation Manual.
-
- The images in this procedure are from the Microsoft® Edge browser.
Other browsers have different options.
It's recommended to have only one instance of the web browser open for this procedure.
- Open a web browser.
- Enter the URL for the PCMM2G.
The default IP address is 192.168.0.101.
A connection message appears. (Figure 1) - Click the Advanced button.
Additional information about the connection appears. (Figure 2) - Click the Continue to (IP address) (unsafe) link.
The Web server opens for the PCMM2G. (Figure 3) - Login to the PCMM2G.
See User Authentication. - Click the Settings tab.
- Click the Security tab. (Figure 4)
- In the Create SSL Certificate area:
- Click OK to continue.
The SSL certificate successfully created message appears. (Figure 7) - Click OK to reboot the controller.
A rebooting message appears. (Figure 8) - Wait for the Disconnected message to appear. (Figure 9)
- Refresh the browser.
The connection message reappears. (Figure 10) - Click the Advanced button again.
Additional information about the connection reappears. (Figure 11) - Click the Continue to (IP address) (unsafe) link.
The Web server opens for the PCMM2G. - Click the Not secure button and click the Your connection to this site isn't secure option. (Figure 13)
- In the message header, click the Show certificate button. (Figure 14)
- Click the Details tab. (Figure 16)
- Click the Export button.
The Save As dialog opens. (Figure 17) - Select a folder to save the .crt file.
This example procedure uses the Downloads folder. (Figure 18) - Click the Save button.
The Save As dialog closes and the Details tab returns. - Use Windows® Explorer to locate and select the .crt file.
- The .crt file name is the PCMM2G's IP address.
Example: 192.168.0.101.crt.
- The .crt file name is the PCMM2G's IP address.
- Right-click the file and click the Install Certificate option. (Figure 19)
- Accept the default on the Welcome page and click Next.
The Certificate Store page opens. - Select the Place all certificates in the following store option. (Figure 21)
- Click the Browse... button.
The Select Certificate Store dialog opens. - Select the Trusted Root Certification Authorities certificate store. (Figure 22)
- Click OK to save the changes or selections and close the dialog.
The Certificate Store page returns and shows the selected Certificate store. (Figure 23) - Click Next.
The Completing the Certificate Import Wizard page opens. (Figure 24) - Click Finish.
A Security Warning dialog opens. (Figure 25) - Click Yes to install this certificate.
The Certificate Import Wizard - The import was successful message appears. (Figure 26) - Click OK to continue.
The Certificate Import Wizard - Details tab returns. - Close the wizard.
The connected PCMM2G Web server page returns. - Close the web browser.
- Verify ALL web browser windows are closed.
- Open a new web browser instance and use the URL to connect to the Web server.
The PCMM2G shows it is secure. (Figure 27) - Click the Settings tab.
- Click the Security tab.
The SSL Certificate Details area shows the Certificate Status and expiration date. (Figure 28)
Figure 2: Connection message - Advanced information
Figure 7: SSL certificate successfully created message
Figure 9: Disconnected message
Figure 11: Connection message - Advanced information
The PCMM2G shows it is Not secure. (Figure 12)
Figure 13: Your connection to this site isn't secure option
The certificate for this site is not valid message appears.
Figure 14: Show certificate button
The Certificate Viewer dialog opens.
The General tab is active. (Figure 15)
Figure 15: Certificate Viewer dialog - General tab
Figure 16: Details tab with Export button.
Figure 18: Save As dialog with saved .crt file
Figure 19: Selected .crt file and the Install Certificate option
The Certificate Import Wizard opens. (Figure 20)
Figure 20: Certificate Import Wizard - Welcome page
Figure 21: Certificate Import Wizard - Certificate Store page with selection
Figure 22: Selected Certificate Store dialog - Trusted Root Certification Authorities
Figure 23: Certificate Import Wizard - Certificate Store page with selected Certificate store
Figure 24: Certificate Import Wizard - Completing the Certificate Import Wizard page
Figure 25: Security Warning dialog
Figure 26: Certificate Import Wizard - The import was successful message
Figure 28: SSL Certificate Details area with certificate information
Troubleshooting
The webpage displays a warning:
- KAS IDE warning: The identity of this web site or the integrity of this connection cannot be verified.
- Microsoft Edge / Google Chrome warning: Your connection isn’t private.
- Mozilla Firefox warning: Warning: Potential Security Risk Ahead.
Remedies
- Verify the current certificate:
- has been downloaded and installed onto the machine.
- matches the IP address of the controller.
- has not expired yet
The IP address of the PCMM2G does not match the IP address listed on the SSL certificate.
Remedies
- Create, download, and install a new certificate with the new IP address.
- Configure the IP address with a static IP address matching the certificate’s IP address using the rotary switch.
- See Network tab.
- Reserve the certificate’s IP address for the PCMM2G using a router or server.
The KAS IDE continually prompts a Security Alert dialog box.
Remedies
- Click Yes to all the dialog boxes to continue to the Web server.
- Restart KAS-IDE.
- This situation can be avoided in the future by closing the Web server in KAS-IDE and creating the certificate using a web browser.