
AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

Configure PCS certificates at installation

  • Last Updated: Dec 15, 2025

Platform Common Services (PCS) certificates for TLS communications can be configured at installation. PCS certificates handle automatic certificate rotation for all installed PI Server components. There are two ways to configure PI System services to use PCS certificates:

  • Method 1: At installation by selecting the Configure certificate for TLS Encryption option in the PI Server install kit

  • Method 2: Using the OIDC Configuration tool's Platform option

Prerequisites:

Complete the following task before configuring PCS certificates:

Method 1: Configure PI System services to use PCS certificates

  1. Install PCS for the PI System on PI Server machines:

    1. To ensure that certificates are received and applied from SMS, install and configure PCS on all PI Server nodes to enable connections to the SMS machine. In this setup, PI Server nodes act as SMS client nodes. See Connect a machine to a System Management Server.

    2. Install PI Server services on nodes separate from the System Management Server (SMS) machine.

      Note: The Configurator utility is a part of the PCS installation and setup process. It helps ensure that certificates are correctly applied across all machines in your PI System, enabling trusted relationships and certificate distribution between all PI Server components.

  2. Ensure that the PCS certificate is selected at or after installation.

    If you completed the previous step of installing PCS and configuring PCS certificates, and the Configure certificate for TLS Encryption option is selected in the PI Server installation kit, the SSL certificate thumbprint for the PCS-issued certificate is selected automatically during installation. See step 10 in Install Data Archive.

  3. When PCS rotates certificates, restart AF Server, PI Notifications Service, and PI Analysis Service so that the new certificate takes effect.

    Important: When using PCS-issued certificates for TLS communications, you must set the certificate mode for all PI System services and client nodes to either AllowExpiredOrRevoked or None (not recommended).
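
A check for step 3, as an added example that is not part of the AVEVA documentation: it finds the newest certificate in the machine store from a given issuer and flags services whose process started before that certificate was issued, so they still hold the previous one. The issuer pattern is a placeholder and the three Windows service names are assumptions; confirm both on your nodes.

```powershell
# Added example, not AVEVA code. Flags services still running on a certificate
# that predates the latest PCS rotation, and reports the certificate's validity.
param(
    # ASSUMPTION: substring identifying the issuer of the PCS-issued certificate
    # in your environment. Placeholder value; replace it.
    [string]$IssuerPattern = '<PCS-ISSUER-PLACEHOLDER>',
    # ASSUMPTION: Windows service names for AF Server, PI Notifications Service
    # and PI Analysis Service. Confirm with Get-Service before relying on them.
    [string[]]$ServiceNames = @('AFService', 'PINotificationsService', 'PIAnalysisManager')
)

# Newest matching certificate in the machine store = result of the last rotation.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$IssuerPattern*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with issuer matching '$IssuerPattern' in LocalMachine\My."
}

$daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
Write-Output ("Certificate {0}: valid {1:s} to {2:s} ({3} days left)" -f `
    $cert.Thumbprint, $cert.NotBefore, $cert.NotAfter, $daysLeft)

foreach ($name in $ServiceNames) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name is not installed on this node."; continue }
    if ($svc.State -ne 'Running') { Write-Warning "$name is $($svc.State)."; continue }

    # Process start time and certificate NotBefore are both local time.
    $started = (Get-Process -Id $svc.ProcessId).StartTime
    [pscustomobject]@{
        Service      = $name
        StartedAt    = $started
        # Started before the certificate was issued: old certificate still loaded.
        NeedsRestart = $started -lt $cert.NotBefore
    }
}
```

NotBefore is the issue time, not the time the certificate reached this node, so a service that started between the two is not flagged; run the script from an elevated prompt so process start times are readable.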

Method 2: Use the OIDC Configuration tool to configure PCS certificates

You can also use the OIDC Configuration tool to configure PCS certificates after a PI Server installation. The Platform option directs PI Server products to automatically use PCS-generated certificates without requiring the certificate thumbprint value. This option also configures the required TLS certificate mode (AllowExpiredOrRevoked).

  1. Open a Windows command prompt with administrative privileges and change the directory to \PI\adm or \PIPC\AF.

  2. Specify Platform (PCS) as the certificate thumbprint value:

    Aveva.PI.OIDCConfigurationTool.exe /CERTIFICATETHUMBPRINT:Platform /AFSERVER /PIDATAARCHIVE /PINOTIFICATIONS /PIANALYTICS

  3. Restart all PI Server components to apply the changes.
