If the controller's certificate for encrypted communication has expired (a certificate is valid from its "not before" date until its "not after" date), CODESYS shows a prompt with a corresponding message when you attempt to access the controller. To renew the expired certificate, you can, for example, accept the expired certificate and connect to the controller.
The behavior of the application after the expiration of an X.509 certificate depends on how it is used:
1. CODESYS communication:
   When the certificate from the runtime system expires, a new self-signed certificate is automatically generated. This makes sure that secure, encrypted communication with the controller is always possible, for example to update this or other certificates later.
2. Signed and encrypted boot project:
   The certificates remain valid even after expiration. The requirement for this is that the certificate was valid at the time of signing or encryption.
3. WebServer and OPC UA server:
   After the certificate has expired, the operation of these servers is halted. Therefore, the certificate must absolutely be renewed before expiration in order to guarantee continuous operation.
If you have created or imported a new certificate on the controller, then this new certificate will be available for you to accept the next time you log in.
For more information, see: "Encrypting Communication, Changing Security Settings"
Other clients that communicate with the controller over an encrypted connection (for example, PLCHandler) will typically not accept an expired certificate. This means that these clients cannot establish a connection.
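The three expiry behaviors listed above can be checked ahead of time with a small monitoring script. The following Python code is an added example, not CODESYS code: it assumes validity dates in the string form that Python's `ssl` module reports, and the usage labels, the `WARN_DAYS` lead time and the sample certificate are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal lead time, not a CODESYS setting

# What the page says happens once a certificate of each use expires.
# The keys are labels made up for this example.
ON_EXPIRY = {
    "communication": "runtime generates a new self-signed certificate",
    "webserver": "server operation is halted",
    "opcua": "server operation is halted",
}

def utc(year, month, day):
    """Epoch seconds for midnight UTC on the given date."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()

def evaluate(cert, usage, now, signed_at=None):
    """Classify a certificate; returns (status, detail).

    cert uses the notBefore/notAfter strings of SSLSocket.getpeercert().
    For usage "boot_project" only the signing time matters.
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if usage == "boot_project":
        if signed_at is None:
            raise ValueError("boot_project needs the signing time")
        if not_before <= signed_at <= not_after:
            return "ok", "certificate was valid when the project was signed"
        return "invalid", "certificate was not valid at signing time"
    if now < not_before:
        return "not_yet_valid", "current time is before notBefore"
    if now > not_after:
        return "expired", ON_EXPIRY[usage]
    days_left = int((not_after - now) // 86400)
    if days_left < WARN_DAYS:
        return "renew", f"{days_left} days left, then: {ON_EXPIRY[usage]}"
    return "ok", f"{days_left} days left"

if __name__ == "__main__":
    # Constructed sample certificate, valid for the year 2024.
    cert = {"notBefore": "Jan  1 00:00:00 2024 GMT",
            "notAfter": "Jan  1 00:00:00 2025 GMT"}
    for usage, now, signed in [("opcua", utc(2024, 12, 15), None),
                               ("webserver", utc(2025, 2, 1), None),
                               ("communication", utc(2025, 2, 1), None),
                               ("boot_project", utc(2025, 2, 1), utc(2024, 6, 1))]:
        print(usage, evaluate(cert, usage, now, signed))
```

The "renew" status is the one to alert on for the WebServer and OPC UA server certificates, since those services stop once the certificate expires.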