Understand certificate management for AVEVA PI Server

Certificate management ensures the integrity of secure communications between PI clients and PI Server. Certificate management is necessary for both transport layer security (TLS) and OpenID Connect (OIDC) authentication. AVEVA PI Server 2024 R2 supports two methods of certificate management and renewal:

• Automatic certificate renewal through Platform Common Services (PCS)

• Custom certificate renewal (without PCS)

  Note: Data Archive and AF products (AF Server, PI Notifications Service, and PI Analysis Service) require certificates that use TLS and OIDC authentication.

Automatic certificate renewal by Platform Common Services (PCS)

Automatic certificate management through PCS reduces the need for manual intervention, and is preferred by organizations who wish to offload the burden of certificate management. See Automatic certificate renewal with Platform Common Services (PCS).

Custom certificate renewal

This option provides more control over the certificate renewal process, but requires regular monitoring and intervention. Custom certificate management is generally chosen by customers who...

• Want strict control of certificate processes

• Do not want to use Platform Common Services (PCS) for automatic certificate renewal.

In this case, customer certificate renewal must be handled manually. See Custom certificate renewal (without PCS) .