How to install pWidgets Self-Signed Certificate

Overview

This article will show you how to set up your pWidgets to use https vs http.  It will guide you thought the steps to create the self-signed certificate. It will also go over how to have the clients see the certificate.

Requirements

Access to PC/Server where pWidgets is installed

Local Administrator Rights

pWidgets Admin account

How to create and set pWidgets Service to use https

By default, pWidgets Home View automatically creates a self-signed certificate using the server/host computer's DNS name and IP address. 

Please ensure that HTTPS is selected as the web protocol under Service Settings.

1. While holding Shift, right click pWidgets Home View shortcut and click Run as administrator
   
2. Enter username and password
   
1. Default credential is "Admin" for both username and password
   
3. Click Login
   
4. Click Global Settings
5. Click Datebase Connection
   
6. Click the dropdown for http and change to https
   
7. Click the icon next to the blank box certificate name
   
8. In the new popup
   
9. Click in the blank text box next to Certificate Name
   
10. Type Name you would like
    
11. Click ReGenerate Certificate
    
12. Wait for a few moments
    
13. Click Ok
    
14. Click Open Folder
    
15. Confirm new certificate is in there
    
16. Click Ok
    
17. Type certificate name in blank box next to Certificate Name
    
18. Click Save Settings
    
1. 
2. 

Upon creation, the certificate will be installed in the Trusted Root Certification Authorities and automatically exported ( .cer) to the default Nexas resource folder located at: 

C:\Nexas America\Self Signed Cert.  

The exported certificate is required on client computers to recognize the site as secure and avoid HTTPS security warnings. This certificate should be installed on each client machine. 

There are two ways to install Self-Signed Certificates.  Please look at both steps below to figure out what is best for your company

1. Local per computer
2. Group Policy (GPO) 
   

To install the Self-Signed certificate

1. Double-click the .cer file. 
   
2. Click Install Certificate. 
   
3. Choose Local Machine (admin required)
   
4. Select Place all certificates in the following store → Trusted Root Certification Authorities
   

To install a self-signed certificate via Group Policy (GPO) so that it's automatically trusted on all domain-joined client PCs

Prerequisites

1. A  .CER file (not .PFX) exported from your self-signed certificate. 
   
2. Domain admin rights. 
   
3. Access to Group Policy Management Console (GPMC) on a Domain Controller
   
4. Make sure both server and clients are joined to the same Active Directory domain
   

Steps to Install the Certificate via GPO 

1. Open Group Policy Management 
   
1. Run gpmc.msc on your Domain Controller
   
2. Create or Edit a Group Policy Object (GPO) 
   
1. Navigate to your domain or target Organizational Unit (OU)
   
2. Right-click it and choose Create a GPO in this domain
   
3. Name it (e.g., Install Self-Signed Cert) and click OK
   
3. Edit the GPO
   
1. Right-click the GPO and choose Edit. 
   
4. Go to Certificate Store Policy
   
1. Inside the Group Policy Editor, navigate to: 
   
1. Computer Configuration
   
1. Policies
   
2. Windows Settings
   
3. Security Settings
   
4. Public Key Policies
   
5. Trusted Root Certification Authorities
   
5. Import the Certificate
   
1. Right-click Trusted Root Certification Authorities and select Import
   
2. Browse for your .CER file and complete the wizard
   
6. Link the GPO to the Target OU
   
1. In Group Policy Management, right-click the desired OU (containing the computers), select Link an Existing GPO, and choose the GPO you just created
   
7. Force Group Policy Update (optional). Simply reboot the machine to apply the policy
   

Verify on a Client PC 

1. Open certmgr.msc (or mmc.exe with Certificates snap-in)
   
2.  Go to:
   
1. Trusted Root Certification Authorities → Certificates
   
3. Confirm the self-signed certificate is listed and trusted

• Related Articles

• How to Obtain pWidgets License Base Code

  Overview This article will show you how to obtain the License Base Code, or simply Base Code, to generate a license key. Requirements Access to PC/Server where pWidgets is installed Local Administrator Rights pWidgets Admin account Obtain License ...

• Why are directories in pWidgets HMI not loading?

  Problem When attempting to send or receive using pWidgets HMI, the directory shows up empty or displays an error message. Reason The service account used with pWidgets does not have sufficient permissions to the directories Solutions Check if the ...

• How to License pWidgets

  Overview This article will show you how to enter a license key into pWidgets. This applies to both temporary and permanent licenses as well as DNC, HMI, and MDC versions. Requirements Access to PC/Server where pWidgets is installed Local ...

• Why is pWidgets HMI not loading in the browser?

  Problem pWidgets HMI is not loading in the browser Reason pWidgets service is likely not running Firewall is blocking access to TCP port 8081 Solutions Start the pWidgets Service on the server Allow TCP port 8081 on the server

• How to create a Tile in pWidgets HMI

  Overview This article will demonstrate how to create a tile in pWidgets HMI. Requirements Access to pWidgets HMI pWidgets Admin account Changing Default Directories and Extensions Open up your internet browser, e.g. Edge or Chrome Go to the URL, e.g. ...