Custom certificate renewal with Microsoft Management Console (MMC) or Windows PowerShell
- Last Updated: Nov 13, 2025
For organizations that prefer custom control over certificate renewals, the Microsoft Management Console (MMC) and Windows PowerShell offer reliable tools for managing and renewing certificates in AVEVA PI Server 2024 R2. This section explains how to manually renew certificates using either MMC or the Switch-Certificate cmdlet in PowerShell, providing flexibility for environments that require manual intervention.
Using MMC and Windows PowerShell
You can also renew certificates using the Microsoft Management Console (MMC) or Windows PowerShell Switch-Certificate cmdlet:
- The Microsoft Management Console (MMC) is used if the certificate was created with Active Directory Certificate Services and includes template renewal information.
- The Windows PowerShell Switch-Certificate cmdlet can be used to replace an old certificate with a new one. It also adds a message to the event log that certificate renewal took place.
Prerequisite:
Verify that the certificate lifecycle (system) channel is enabled and can generate and receive messages as explained in Certificate Services Lifecycle Notifications. This channel is crucial for tracking certificate renewals and swaps, enabling PI Server to monitor and respond to certificate changes effectively.
Use Microsoft Management Console (MMC) to renew certificates
- To open Microsoft Management Console, enter certmgr.mmc in the Windows search bar, then press Enter.
- In the console, locate the current or old certificate.
- Right-click the certificate, then select All Tasks.
- Select Renew Certificate With New Key. This option is also located under Advanced Operations.
- Follow the prompts in the dialog to complete the renewal process.
Use PowerShell to renew certificates
Use the PowerShell Switch-Certificate cmdlet to renew an old certificate. See the Microsoft article: Switch-Certificate.
Note: Data Archive monitors the event log for specific indicators that a certificate swap has occurred. This process operates online, allowing Data Archive to remain active and detect certificate renewals in real time. There is no requirement to restart Data Archive for it to recognize and apply the certificate change, maintaining uninterrupted service and security.
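The following is an added example, not taken from AVEVA or Microsoft documentation, that ties the prerequisite check, the Switch-Certificate call, and the event log confirmation into one script. The store path (`Cert:\LocalMachine\My`) and both thumbprints are assumptions and placeholders; substitute the store and certificates used in your deployment.

```powershell
# Assumptions (not from the original page): the certificate store and both
# thumbprints below are placeholders to be replaced with your own values.
$store         = 'Cert:\LocalMachine\My'
$oldThumbprint = '<OLD-CERT-THUMBPRINT>'
$newThumbprint = '<NEW-CERT-THUMBPRINT>'
$channel       = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'

# Prerequisite: the certificate lifecycle (system) channel must be enabled,
# otherwise the swap is not recorded in the event log.
$log = Get-WinEvent -ListLog $channel -ErrorAction Stop
if (-not $log.IsEnabled) {
    throw "Channel '$channel' is disabled. Enable it before swapping certificates."
}

# Load both certificates; stop if either thumbprint is not in the store.
$old = Get-Item -Path "$store\$oldThumbprint" -ErrorAction Stop
$new = Get-Item -Path "$store\$newThumbprint" -ErrorAction Stop

# Refuse a replacement that is outside its validity period or lacks a private key.
$now = Get-Date
if ($new.NotBefore -gt $now -or $new.NotAfter -le $now) {
    throw "New certificate is not currently valid ($($new.NotBefore) to $($new.NotAfter))."
}
if (-not $new.HasPrivateKey) {
    throw 'New certificate has no private key in this store.'
}
if ($new.NotAfter -le $old.NotAfter) {
    Write-Warning 'New certificate does not expire later than the old one.'
}

# Mark the old certificate as replaced by the new one.
$swapTime = Get-Date
Switch-Certificate -OldCert $old -NewCert $new

# Confirm that the lifecycle channel recorded an event after the swap.
Start-Sleep -Seconds 2
$events = Get-WinEvent -FilterHashtable @{ LogName = $channel; StartTime = $swapTime } `
                       -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Warning "No lifecycle event found in '$channel' since $swapTime."
}
```

Run the script from an elevated PowerShell session when the certificates are in the local machine store.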