Install the SSL Server Certificate (Self-Signed)


  • This procedure is only for PCMM2G controllers.

The Secure Sockets Layer (SSL) certificate is a file stored on the PCMM2G that enables encrypted connections (HTTPS).

  • The SSL certificate is only applicable to PCMM2G.
  • By default, the PCMM2G contains a certificate generated by Kollmorgen.
  • The web browser shows a warning message when the connection is not secure.
    • To prevent this warning, the default certificate should be replaced by creating a new certificate in the Security tab.
    • This certificate must be downloaded and installed onto the PC connected to the PCMM2G.
    • This user-created certificate is assigned to the PCMM2G's IP address.
      • The certificate becomes invalid if this IP address is modified.

Certificate Expiration Period

  • The certificate expiration period is set by the user.
    • Kollmorgen recommends 365 days.
  • When the expiration period is over, the certificate becomes invalid.
  • The user must create and install a new certificate to prevent security warnings.

Installation Procedure

Assumptions

The PCMM2G is connected to the router or laptop.
See the PCMM2G Installation Manual.


  • The images in this procedure are from the Microsoft® Edge browser.
    Other browsers have different options.
    It's recommended to have only one instance of the web browser open for this procedure.

    • The self-signed SSL Certificate generated from this procedure can be used by the OPC UA Server to enable encrypted and authenticated data exchange between OPC UA clients and the PCMM2G controller.
    • See OPC UA - Create New Driver Configuration for setup instructions.

Procedure

  1. Open a web browser.
  2. Enter the controller's IP address for the URL.
    The default IP address for the PCMM2G is 192.168.0.101.
    A connection message appears. (Figure 1)

    3. Figure 1: Connection message

  3. Click the Advanced button.
    Additional information about the connection appears. (Figure 2)

    4. Figure 2: Connection message - Advanced information

  4. Click the Continue to (IP address) (unsafe) link.
    The Web server opens for the PCMM2G. (Figure 3)

    5. Figure 3: Not Secure PCMM2G

  5. Login to the PCMM2G.
    See User Authentication.
  6. Click the Settings tab.
  7. Click the Certificates tab. (Figure 4)

    8. Figure 4: Certificates tab

  8. In the Create SSL Server Certificate (Self-Signed) area:
    1. Enter the Organization Name.
    2. Enter the Expiration Period (days). (Figure 5)

      • Kollmorgen recommends 365 days.

      Figure 5: Create SSL Certificate area with content

    3. Click the Create Certificate button.
      A confirmation message appears. (Figure 6)

      4. Figure 6: Confirmation message

  9. Click OK to continue.
    The SSL certificate successfully created message appears. (Figure 7)

    10. Figure 7: SSL certificate successfully created message

  10. Click OK to reboot the controller.
    A rebooting message appears.
  11. Wait for the Disconnected message to appear. (Figure 8)

    12. Figure 8: Disconnected message

  12. Refresh the browser.
    The connection message reappears. (Figure 9)

    13. Figure 9: Connection message

  13. Click the Advanced button again.
    Additional information about the connection reappears. (Figure 10)

    14. Figure 10: Connection message - Advanced information

  14. Click the Continue to (IP address) (unsafe) link.
    The Web server opens for the PCMM2G.
    The PCMM2G shows it is Not secure. (Figure 11)

    15. Figure 11: Not secured PCMM2G

  15. Click the Not secure button and click the Your connection to this site isn't secure option. (Figure 12)

    16. Figure 12: Your connection to this site isn't secure option

    The certificate for this site is not valid message appears.

  16. In the message header, click the Show certificate button. (Figure 13)

    17. Figure 13: Show certificate button

    The Certificate Viewer dialog opens.
    The General tab is active. (Figure 14)

    Figure 14: Certificate Viewer dialog - General tab

  17. Click the Details tab. (Figure 15)

    18. Figure 15: Details tab with Export button.

  18. Click the Export button.
    The Save As dialog opens. (Figure 16)

    19. Figure 16: Save As dialog

  19. Select a folder to save the .crt file.
    This example procedure uses the Downloads folder. (Figure 17)

    20. Figure 17: Save As dialog with saved .crt file

  20. Click the Save button.
    The Save As dialog closes and the Details tab returns.
  21. Use Windows® Explorer to locate and select the .crt file.
    • The .crt file name is the PCMM2G's IP address.
      Example: 192.168.0.101.crt.
  22. Right-click the file and click the Install Certificate option. (Figure 18)

    23. Figure 18: Selected .crt file and the Install Certificate option

    The Certificate Import Wizard opens. (Figure 19)

    Figure 19: Certificate Import Wizard - Welcome page

  23. Accept the default on the Welcome page and click Next.
    The Certificate Store page opens.
  24. Select the Place all certificates in the following store option. (Figure 20)

    25. Figure 20: Certificate Import Wizard - Certificate Store page with selection

  25. Click the Browse... button.
    The Select Certificate Store dialog opens.
  26. Select the Trusted Root Certification Authorities certificate store. (Figure 21)

    27. Figure 21: Selected Certificate Store dialog - Trusted Root Certification Authorities

  27. Click OK to save the changes or selections and close the dialog box.
    The Certificate Store page returns and shows the selected Certificate store. (Figure 22)

    28. Figure 22: Certificate Import Wizard - Certificate Store page with selected Certificate store

  28. Click Next.
    The Completing the Certificate Import Wizard page opens. (Figure 23)

    29. Figure 23: Certificate Import Wizard - Completing the Certificate Import Wizard page

  29. Click Finish.
    A Security Warning dialog opens. (Figure 24)

    30. Figure 24: Security Warning dialog

  30. Click Yes to install this certificate.
    The Certificate Import Wizard - The import was successful message appears. (Figure 25)

    31. Figure 25: Certificate Import Wizard - The import was successful message

  31. Click OK to continue.
    The Certificate Import Wizard - Details tab returns.
  32. Close the wizard.
    The connected PCMM2G Web server page returns.
  33. Close the web browser.
  34. Verify ALL web browser windows are closed.
  35. Open a new web browser instance and use the URL to connect to the Web server.
    The PCMM2G shows it is secure.
  36. Click the Secure button. (Figure 26)

    37. Figure 26: Secure PCMM2G

  37. Click the Connection is secure option. (Figure 27)

    38. Figure 27: Connection is secure option

    The Certificate is secure message appears. (Figure 28)

    Figure 28: Certificate is secure message

  38. Click the Settings tab.
  39. Click the Certificates tab.
    The SSL Server Certificate Details area shows the Status and expiration date. (Figure 29)

    40. Figure 29: SSL Server Certificate Details area with certificate information

Troubleshooting

The webpage displays a warning:

  • KAS IDE warning: The identity of this web site or the integrity of this connection cannot be verified.
  • Microsoft Edge / Google Chrome warning: Your connection isn’t private.
  • Mozilla Firefox warning: Warning: Potential Security Risk Ahead.

Remedies

  • Verify the current certificate:
    • has been downloaded and installed onto the machine.
    • matches the IP address of the controller.
    • has not expired yet

The IP address of the PCMM2G does not match the IP address listed on the SSL certificate.

Remedies

  • Create, download, and install a new certificate with the new IP address.
  • Configure the IP address with a static IP address matching the certificate’s IP address using the rotary switch.
  • Reserve the certificate’s IP address for the PCMM2G using a router or server.