Install the SSL Certificate

The SSL (Secure Sockets Layer) certificate is a file stored on the PCMM2G that enables encrypted connections (HTTPS).

  • The SSL certificate is only applicable to PCMM2G.
  • By default, the PCMM2G contains a certificate generated by Kollmorgen.
  • The web browser shows a warning message when the connection is not secure.
    • To prevent this warning, the default certificate should be replaced by creating a new certificate in the Security tab.
    • This certificate must be downloaded and installed onto the PC connected to the PCMM2G.
    • This user-created certificate is assigned to the PCMM2G's IP address.
      • The certificate becomes invalid if this IP address is modified.

Certificate Expiration Period

  • The certificate expiration period is set by the user.
    • Kollmorgen recommends 365 days (1 year).
  • When the expiration period is over, the certificate becomes invalid.
  • The user must create and install a new certificate to prevent security warnings.

Installation Procedure

Assumptions

The PCMM2G is connected to the router or laptop.
See the PCMM2G Installation Manual.


  • The images in this procedure are from the Microsoft® Edge browser.
    Other browsers have different options.
    Only one instance of the web browser can be open for this procedure.
  1. Open a web browser.
  2. Enter the URL for the PCMM2G.
    The default IP address is 192.168.0.101.
    A connection message appears. (Figure 1)

    3. Figure 1: Connection message

  3. Click the Advanced button.
    Additional information about the connection appears. (Figure 2)

    4. Figure 2: Connection message - Advanced information

  4. Click the Continue to (IP address) (unsafe) link.
    The Web server opens for the PCMM2G. (Figure 3)

    5. Figure 3: Not Secure PCMM2G

  5. Login to the PCMM2G.
    See User Authentication.
  6. Click the Settings tab.
  7. Click the Security tab. (Figure 4)

    8. Figure 4: Security tab

  8. In the Create SSL Certificate area:
    1. Enter the Organization Name.
    2. Enter the Expiration Period (days). (Figure 5)

      • Kollmorgen recommends 365 days (1 year).

      Figure 5: Create SSL Certificate area with content

    3. Click the Create SSL Certificate button.
      A confirmation message appears. (Figure 6)

      4. Figure 6: Confirmation message

  9. Click OK to continue.
    The SSL certificate successfully created message appears. (Figure 7)

    10. Figure 7: SSL certificate successfully created message

  10. Click OK to reboot the controller.
    A rebooting message appears. (Figure 8)

    11. Figure 8: Rebooting message

  11. Wait for the Disconnected message to appear. (Figure 9)

    12. Figure 9: Disconnected message

  12. Refresh the browser.
    The connection message reappears. (Figure 10)

    13. Figure 10: Connection message

  13. Click the Advanced button again.
    Additional information about the connection reappears. (Figure 11)

    14. Figure 11: Connection message - Advanced information

  14. Click the Continue to (IP address) (unsafe) link.
    The Web server opens for the PCMM2G.

    15. The PCMM2G shows it is Not secure. (Figure 12)

    Figure 12: Not secured PCMM2G

  15. Click the Not secure button and click the Your connection to this site isn't secure option. (Figure 13)

    16. Figure 13: Your connection to this site isn't secure option

    The certificate for this site is not valid message appears.

  16. In the message header, click the Show certificate button. (Figure 14)

    17. Figure 14: Show certificate button

    The Certificate Viewer dialog opens.
    The General tab is active. (Figure 15)

    Figure 15: Certificate Viewer dialog - General tab

  17. Click the Details tab. (Figure 16)

    18. Figure 16: Details tab with Export button.

  18. Click the Export button.
    The Save As dialog opens. (Figure 17)

    19. Figure 17: Save As dialog

  19. Select a folder to save the .crt file.
    This example procedure uses the Downloads folder. (Figure 18)

    20. Figure 18: Save As dialog with saved .crt file

  20. Click the Save button.
    The Save As dialog closes and the Details tab returns.
  21. Use Windows® Explorer to locate and select the .crt file.
    • The .crt file name is the PCMM2G's IP address.
      Example: 192.168.0.101.crt.
  22. Right-click the file and click the Install Certificate option. (Figure 19)

    23. Figure 19: Selected .crt file and the Install Certificate option

    The Certificate Import Wizard opens. (Figure 20)

    Figure 20: Certificate Import Wizard - Welcome page

  23. Accept the default on the Welcome page and click Next.
    The Certificate Store page opens.
  24. Select the Place all certificates in the following store option. (Figure 21)

    25. Figure 21: Certificate Import Wizard - Certificate Store page with selection

  25. Click the Browse... button.
    The Select Certificate Store dialog opens.
  26. Select the Trusted Root Certification Authorities certificate store. (Figure 22)

    27. Figure 22: Selected Certificate Store dialog - Trusted Root Certification Authorities

  27. Click OK to save the changes or selections and close the dialog.
    The Certificate Store page returns and shows the selected Certificate store. (Figure 23)

    28. Figure 23: Certificate Import Wizard - Certificate Store page with selected Certificate store

  28. Click Next.
    The Completing the Certificate Import Wizard page opens. (Figure 24)

    29. Figure 24: Certificate Import Wizard - Completing the Certificate Import Wizard page

  29. Click Finish.
    A Security Warning dialog opens. (Figure 25)

    30. Figure 25: Security Warning dialog

  30. Click Yes to install this certificate.
    The Certificate Import Wizard - The import was successful message appears. (Figure 26)

    31. Figure 26: Certificate Import Wizard - The import was successful message

  31. Click OK to continue.
    The Certificate Import Wizard - Details tab returns.
  32. Close the wizard.
    The connected PCMM2G Web server page returns.
  33. Close the web browser.
  34. Verify ALL web browser windows are closed.
  35. Open a new web browser instance and use the URL to connect to the Web server.
    The PCMM2G shows it is secure. (Figure 27)

    36. Figure 27: Secure PCMM2G

  36. Click the Settings tab.
  37. Click the Security tab.
    The SSL Certificate Details area shows the Certificate Status and expiration date. (Figure 28)

    38. Figure 28: SSL Certificate Details area with certificate information

Troubleshooting

The webpage displays a warning:

  • KAS IDE warning: The identity of this web site or the integrity of this connection cannot be verified.
  • Microsoft Edge / Google Chrome warning: Your connection isn’t private.
  • Mozilla Firefox warning: Warning: Potential Security Risk Ahead.

Remedies

  • Verify the current certificate:
    • has been downloaded and installed onto the machine.
    • matches the IP address of the controller.
    • has not expired yet

The IP address of the PCMM2G does not match the IP address listed on the SSL certificate.

Remedies

  • Create, download, and install a new certificate with the new IP address.
  • Configure the IP address with a static IP address matching the certificate’s IP address using the rotary switch.
  • Reserve the certificate’s IP address for the PCMM2G using a router or server.

The KAS IDE continually prompts a Security Alert dialog box.

Remedies

  • Click Yes to all the dialog boxes to continue to the Web server.
  • Restart KAS-IDE.
  • This situation can be avoided in the future by closing the Web server in KAS-IDE and creating the certificate using a web browser.