WBM access and first steps

Each PLCnext Technology controller features a Web-based Management (WBM). In the WBM, you can access static and dynamic controller information and modify certain controller settings. You can call WBM via every Ethernet interface of the controller.

The WBM systems of controllers with PLCnext Technology all have the same structure and are generally described in the following. Device-specific additions and deviations are optional and described in the corresponding device user manual. 

cookie

Note: Tutorial videos are embedded from the Phoenix Contact Technical Support YouTube channel.  With playing an embedded YouTube video in this platform, you accept the YouTube Terms & Conditions.
Depending on your personal settings in the Cookie consent dialog you may have allowed cookies for marketing purposes which will remain on your device. The data gained through this will be used by YouTube to provide video suggestions and advertisements based on your browsing habits, and may be made available to other parties. 

Establishing a connection to WBM

Initial access: Connecting 

To establish a connection to WBM on the device, proceed as follows:

  • Connect the device to your PC via one of the devices' Ethernet interfaces (assuming that the https port 443 has not been blocked by a firewall rule). 
  • Make sure your PC and the device are in the same network.
  • Open a web browser on your PC.
  • In the address field, enter the URL https://ip.address.of.interface (example: https://192.168.1.10 - see the respective hardware documentation for default values). 
    Find the default setting for your device in the ... and/or the additional data sheet or manual.
Note: If there is a PLCnext Engineer HMI application on a device, entering the URL https://ip.address.of.interface calls the PLCnext Engineer application instead of the WBM. To call WBM directly, enter the URL https://ip.address.of.interface/wbm.

Initial access: TLS certificate

For secure communication, the controller's web server uses a self-signed TLS certificate automatically generated by the controller. Before the controller's web server can be accessed, you must authorize the TLS certificate in your web browser.

Note:

  • The controller generates the TLS certificate during the boot phase.
  • The certificate uses the IP address of the Ethernet interface with PROFINET® controller function.
  • The certificate is used for all Ethernet interfaces of the controller.
  • Each IP address of the controller must be authorized in the web browser before a PLCnext Engineer HMI application can be accessed via this address and therefore via the corresponding Ethernet interface.
  • The certificate is regenerated after the controller is reset to factory settings.

Note: Certificate setting

From firmware 2021.0 LTS

Up to firmware 2020.6, the HTTPS certifcate and its related private key were located as files on the file system of the controller. These files have been replaced by symbolic links. Therefore, when updating the firmware, the existing certificate and key files are moved to /opt/plcnext/Security/IdentityStores/HTTPS-self-signed-Backup/*.* and symbolic links are created at the original location pointing to this backup.

On the WBM Certificate Authentication page you can either select to use an existing IdentityStore or to use self-signed certificates. 
When using an existing IdentityStore the symbolic links are changed and refer now to the specified IdentityStore.
When using self-signed certificates a self-signed certificate is generated at /opt/plcnext/Security/IdentityStore/HTTPS-self-signed/*.* and the symbolic links refer to that IdentityStore. 
When creating a self-signed certificate via the Certificate Authentication WBM page, the /opt/plcnext/Security/IdentityStores/HTTPS-self-signed-Backup directory is not modified.

Up to firmware 2020.6

The HTTPS certificate and its related private key are located as files in the following directories of the controller file system:

  • /opt/plcnext/Security/Certificates/https/https_cert.pem
  • /opt/plcnext/Security/Certificates/https/https_key.pem

You can exchange these files by your own certificate and key. 

Initial access: Welcome page

The Welcome page is shown when the web server on the controller is accessed for the first time.

The Welcome page contains links to the following web content:

Tip: If you do not want the welcome page to be displayed each time the controller web server is accessed:
  • Enable the Do not show this page in the future and go directly to the WBM check box at the bottom.

The next time you access the controller web server, the login page of WBM opens immediately, see Login to WBM
The Welcome page remains accessible via URL https://IP.address.of.controller/welcome.

Alternatively, you can enter the URL https://IP.address.of.controller/wbm (example: https://192.168.1.10/wbm) in your browser's address field. This way the WBM is displayed immediately but doesn't skip the Welcome page for new users entering just the IP address.

Login to Web-based Management

The WBM login page is displayed when:

  • ...you access WBM for the first time.
  • ...you have enabled the WBM user authentication function, see User Authentication page.

If you disable user authentication, login is not necessary to access WBM. In this case, the WBM start page is displayed when WBM is accessed.

WBM_Login.png
From firmware 2021.0 LTS, a System Use Notification is displayed on the WBM login page which can be customized:
 

Initial access as an administrator

When you access WBM for the first time, log in as the administrator.

  • Enter the user name admin in the Username input field.
  • Enter the administrator password in the Password input field.
    The administrator password is printed on the controller. For more detailed information, refer to the user manual for your controller.
  • To open WBM, click on the Login button.

The WBM start page opens.

Recommended:

  • Only use the administrator password for initial login.
  • Once you have logged in successfully, change the administrator password to prevent unauthorized administrator access (Setting a password).
Note: After changing the access data for the administrator, it is no longer possible to log in with the user name admin and the administrator password printed on the controller.
The password printed on the controller is valid again after resetting the controller to default settings. For information on how to perform the reset, refer to the manual for your controller.

Logging in as a user

If WBM user authentication is enabled, log in using your user credentials.

  • Enter your user name in the Username input field.
  • Enter your password in the Password input field. The password can be obscured (not displayed as plain text).
  • To open WBM, click on the Login button.

The WBM start page opens.

Password expiration notification

Available from 2022.6

When the user password is about to expire, the following note is displayed in the header after logging into the WBM:

For further information on how to set an expiration date for a password, refer to Password Policy.

Session timeout notification

Available from 2022.6

Two minutes before the current WBM session expires, a corresponding note is displayed in the header.

  • If you want to extend the current session, click the Prolong session button. 

For further information on how to set the maximum session time, refer to Session Configuration.

Start page – areas and functions

WBM_Startseite.png

Changing the language

1 You can change the language for the WBM user interface in the top left of the web browser window.

  • Click the Deutsch or English link to change the language.

WBM then immediately switches to the desired language.

Help menu

Available from 2021.0 LTS

2 From firmware version 2021.0 LTS on, the header of the WBM has the menu item Help.
The Help menu contains links to Phoenix Contact PSIRT, further information, support, etc.

 

Security state

Available from 2022.0 LTS

3 In the head section, the security state is displayed by these markers:

Security Profile activation state

If the controller is used in a security context according to IEC 62443, a Security Profile may be active or prepared to be activated. Then the activation state is displayed in the header of each WBM page. Otherwise, this section is empty.
See Security Profile WBM topic for more information.

Integrity Check outcome

If a Security Profile is active, the boot-up Integrity Check outcome is in the header of each WBM page. Otherwise this field  in the section is empty.

Navigation panel

4 The WBM is split into the following main areas:

  • Information: General device information, current Ethernet configuration
  • Diagnostics: PROFINET®, Local Bus (Axioline, Interbus (Inline))
  • Configuration: ProficloudPROFIsafe®
  • Security: User authentication, certificate authentication and firewall
  • Administration: Firmware update of the non-safety-related device firmware, license and app management, PLCnext Apps

To show all pages in a main area click on  at its name.

Tip of the day

5 From firmware version 2021.0 LTS the start page of the WBM contains the section Tip of the day. In this area helpful messages and hints are displayed.

Licensing information on open source software

6 PLCnext Technology controllers work with a Linux operating system. All license information can be called up via the Legal Information link on every page of WBM:

  • Click on the Legal Information link on the bottom left of each WBM page.

Licenses for all of the open source software used are shown.

 

 


•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari • 
• Published/reviewed: 2022-09-14 • Revision 046 •