Web-based Management 2:
System → App management

Valid from firmware release 2025.0 - 
for earlier firmware see Administration - PLCnext Apps

On the App management WBM 2 page, the secure installation of apps and on the device can be handled. This WBM 2 page can be made unavailable by deactivating the App Manager service. If the App management entry is missing in the left-side navigation, check and maybe change the status of the App Manager service in the System → System services WBM 2 page.

Note: Access to the specific pages in the WBM 2 depends on user roles and their rights - see WBM 2: Accessibility for details.

PLCnext Technology Apps tab

With firmware releases 2025.0 to 2025.9, a single page shows the handling and status overview of apps on your device.
From firmware release 2026.0 LTS on, that overview is placed on the PLCnext Technology Apps tab.

PLCnext Technology Apps are provided in the PLCnext Store for direct installation to the decive (called "online installation"), or for download to the computer and installation via this Web‑based Management page (called "offline installation"). See PLCnext Store resources for more details.

↓ App management page – 2025.0 example

App licenses

Developers of PLCnext Technology Apps distributed in the PLCnext Store can tie the use of their apps to a chargeable license. The license check result is displayed in this WBM 2 page for each installed app.

If the license check says Missing (No function) then even starting that app depends on an active license. In that case, purchase, install and activate a license in the System → License management WBM 2 page.

App signatures

Signing apps and checking those signatures before using downloaded apps is a measurement to detect tampering. Developers upload theirs apps in the PLCnext Store preferably with a developer signature. An additional PLCnext Store signature is created automatically after uploading the app to the PLCnext Store

In this WBM 2 page, the signature verification status is always displayed in the last saved state.

From firmware 2026.0 LTS

By default, the firmware is set so that users can only install apps with a valid PLCnext Store Developer signature and a PLCnext Store signature. 

The signature is always re‑checked when the system is restarted. If the corresponding toggle switch is enabled, the signature is re‑checked when the app is started. 

Expiration of time-limited signatures

The app signature includes a signed timestamp, which is verified against the local system time and the certificate in the corresponding Trust Store. The signature is not checked against the app's installation date. Apps that are already running when the time limit expires are keeping their state regardless of the timestamp, but they cannot be started again. After rebooting, if a certificate has expired in the meantime this is also shown in the WBM 2.

If the signature verification stays enabled (see Configuration), then the signatures of already installed apps are checked at firmware startup. If the app signature is missing, or if its verification fails, then the regarding app is not started. The signature verification result for each app is shown in this WBM 2 page.

Handling apps

Only the Admin user role is allowed to install apps that have been downloaded from the PLCnext Store before.

  • To install an app, click the Install a PLCnext Technology app button and navigate to the location of the regarding .app file on your computer. The following procedure is self-explanatory.
  • To uninstall an app, click the trash bin symbol in the regarding facet and follow the instructions.
  • To start or stop an app, click the Start or Stop button in the regarding app facet.

Note: If buttons in this WBM 2 page are inactive (gray) then a function is prohibited for reasons:

  • If the Install a PLCnext Technology app button is inactive (gray) then the App Manager is busy checking, installing, or uninstalling apps; just wait until the button becomes active (bluegreen) again.
  • If the Start button for an app is inactive (gray) then check the license and signature check results: 
    • If the license check says Missing (No function) then starting that app depends on an active license.
    • If the signature check says Invalid or Not available then the signature check failed but only signed apps are allowed (see Configuration).

Configuration

Valid from firmware release 2026.0 LTS

On the Configuration tab, the signature verification of apps can be configured.

↓ App management page, Configuration tab showing the default state with firmware 2026.0 LTS
  1. With firmware 2026.0 LTS or newer, this toggle switch is on by default, so only signed apps are allowed to be installed or started. Note: Phoenix Contact recommends to keep this function enabled. If enabled, then this restriction is also mentioned in the PLCnext Technology Apps tab of this WBM 2 page where users install or start an app.
    If this toggle switch is disabled, then apps without signatures as well as apps with valid or invalid signatures can be installed and started.
  2. In addition, the continuous signature re-verification at app start can be enabled.
    This toggle switch is off by default is disabled so developers can adapt their automation projects to an inevitable delay at app start. 
    If the signature check is disabled at 1 then the status of the re-verification toogle switch at 2 is just ignored (the switch turns gray). In that case, at app start a saved signature verification result from a previous verification on app installation or at system start is used instead. 

If the mandatory signature validation is enabled at 1, the checkboxes at 34, and 5 specify which signature types will be included:

  1. The PLCnext Store Developer signature type is generated by the app developer before uploading to the PLCnext Store.
  2. The PLCnext Store signature type is generated automatically during the developers' upload process to the PLCnext Store.

In order to validate those signature types, certificates must be present in the corresponding Trust Stores (see the Certificate Management WBM 2 page). From firmware 2026.0 LTS on, the PLCnext Runtime System is equipped with the PLCnext Store Developer and PLCnext Store Trust Stores that already contain the necessary Phoenix Contact root certificates to perform the signature verification for these types.

  1. The Operator signature type is an option for plant operators who want to allow only apps signed with their own signature (or certificate hierarchy).

In contrast to the aforementioned signature types, the Operator Trust Store to use for validating Operator signatures must be specified by the user by means of the drop-down list 6. Available Trust Stores are suggested, additional Trust Stores can be created in the Certificate Management WBM 2 page.

However, there are inherent dependencies between the signature types, so not all constellations are possible. Allowed constellations are:

  • PLCnext Store Developer + PLCnext Store + Operator
  • PLCnext Store Developer + PLCnext Store (this is the default)
  • PLCnext Store Developer + Operator
  • PLCnext Store Developer
  • Operator

To keep the handling simple for user, this WBM 2 page automatically corrects entries when ticking/unticking checkboxes to match an allowed constellation.

Legacy app handling

If an app without signature was installed and started before updating to firmware 2026.0 LTS or newer, then that legacy app is started anyhow. As long as the Allow only signed apps toggle switch is active, that app can be stopped and uninstalled but not started again via WBM 2

 

 

• Published/reviewed: 2026-03-24  ☃  Revision 091 •