To reproduce on AXC F 2152 FW 2023.0:
-
Type 1 reset.
-
Change the IP address - in this case, to 192.168.8.222
-
Enable the (pre-release) remote gRPC Server option in the PLCnext Runtime.
-
On a remote machine, run the following grpcurl command:
$ grpcurl 192.168.8.222:50051 describe
Failed to dial target host "192.168.8.222:50051": x509: certificate is valid for 192.168.1.10, not 192.168.8.222
(that's the expected result)
-
Open the WBM site and open the Web Services page from the Configuration menu.
-
Regenerate the HTTPS certificate by selecting "Re-generate HTTPS certificate" and then "Apply".
-
The Output.log file gives the following messages:
01.02.23 09:32:04.033 Arp.Services.Wcm.WebConfigurationManager INFO - Regenerating self-signed HTTPS certificate..
01.02.23 09:32:04.098 Arp.Services.Wcm.Internal.IdentityStoreConfigurator INFO - Self-signed HTTPS certificate generated. Saving the certificate to file /opt/plcnext/Security/IdentityStores/HTTPS-self-signed/certificate.pem
01.02.23 09:32:04.121 Arp.Services.Wcm.Internal.IdentityStoreConfigurator INFO - Successfully saved self-signed certificate
01.02.23 09:32:04.123 Arp.Services.Wcm.WebConfigurationManager INFO - Self-signed HTTPS certificate has been re-generated
01.02.23 09:32:08.339 Arp.Services.Wcm.Internal.NginxConfigurator INFO - NGINX configuration has been reloaded
01.02.23 09:32:08.344 Arp.Services.Wcm.WebConfigurationManager INFO - HTTPS TLS config have been set
01.02.23 09:32:08.365 Arp.Services.Wcm.WebConfigurationManager INFO - Setting HTTPS certificate Identity Store to HTTPS-self-signed
01.02.23 09:32:08.665 Arp.Services.Wcm.Internal.NginxConfigurator INFO - NGINX configuration has been reloaded
01.02.23 09:32:08.667 Arp.Services.Modules.Wbm.Wcm.Internal.WcmHandler INFO - Identity Store for HTTPS certificate is: HTTPS-self-signed
-
On the remote machine, run the following grpcurl command:
$ grpcurl 192.168.8.222:50051 describe
Failed to dial target host "192.168.8.222:50051": x509: certificate is valid for 192.168.1.10, not 192.168.8.222
=> Problem: It looks like the new HTTPS certificate has been picked up by NGINX, but not by the gRPC server.
=> OK. (the unknown signer is a different issue).
To reproduce on AXC F 2152 FW 2023.0:
Type 1 reset.
Change the IP address - in this case, to 192.168.8.222
Enable the (pre-release) remote gRPC Server option in the PLCnext Runtime.
On a remote machine, run the following grpcurl command:
(that's the expected result)
Open the WBM site and open the Web Services page from the Configuration menu.
Regenerate the HTTPS certificate by selecting "Re-generate HTTPS certificate" and then "Apply".
The Output.log file gives the following messages:
On the remote machine, run the following grpcurl command:
=> Problem: It looks like the new HTTPS certificate has been picked up by NGINX, but not by the gRPC server.
Restart the PLCnext Runtime.
Try the command again:
=> OK. (the unknown signer is a different issue).