Showing results for 
Search instead for 
Did you mean: 

Web Server certificate expire on core

Web Server certificate expire on core

New Contributor

Hello there,

since a couple of days when I login into the core via PLC engineering a message that a certificate is expirering, see attachment. I dont recall saving the Web Server certificate on the core (see attachment). Can somebody tell me what for this certificate is and if i should renew this. If so, with which application is this certificate associated and how to renew?

Thanks in advance.

Warm regards,



Community Moderator
Community Moderator

Sorry for the late reply we lost track of this issue. We will check this and come back to you as soon as there are new information.

Established Member

Hi @AndroidzZ

This certificate seems to be auto-generated in the codeysys-RT certificate environment, and cannot be managed from the ctrlX core certificate environment. (We confirmed in the certificates menu of the ctrlX core web interface, that this expiration date does not refer to the web server certificate of the ctrlX core, which has a lifetime of 15 years by default)

You can renew the certificate by accessing the codesys-RT certificate store with the PLC shell in ctrlX PLC Engneering:

  • Open the PLC shell


  • Verify the number of the app by entering 'cert-getapplist' in the command lineYvonne__0-1712302762924.png
  • Enter “cert-genselfsigned [<number retrieved by "cert-getapplist"> <expdays=>]”, so if you want to generate a certificate for secure communication (CmpSecureChannel) which is valid for 1 year, then enter "cert-genselfsigned 1 365"


  • Enter "cert-getcertlist" to view all certificates
  • Remove the old certificate with "cert-remove own <nr>" (the number can be found with the cert-getcertlist command)

If this does not work, you can also delete the existing web server certificate (cert-getcertlist --> cert-remove own <nr>), then a new one is generated automatically with a validity of 50 years. (This method only works if there is no web server certificate left on the core - maybe you need to remove more then one certificate to achieve this)