Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI to CONNECT Agent

TABLE OF CONTENTS

Enable certificate revocation check

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJan 08, 2026
  • 1 minute read

The appsettings.json file contains a CheckCertificateRevocationList parameter. This is set to false by default, to avoid connection failures for agents that do not have access to public certificate authority endpoints (CRL/OCSP).

It is recommended that CheckCertificateRevocationList be set to true wherever possible, so that proper certificate revocation checks are performed and a higher security posture is maintained. To allow for certificate revocation checking, outbound access from the agent machine to the relevant DigiCert endpoints must be allowed, including:

  • http://ocsp.digicert.com

  • http://crl3.digicert.com

  • http://crl4.digicert.com

  • http://cacerts.digicert.com

In secured or offline networks, either access to these endpoints should be provided and CheckCertificateRevocationList set to true, or the default value of false should be retained with the understanding that certificate revocation will not be validated in that configuration.

To enable the certification revocation check:

  1. Open an administrator command prompt and navigate to %ProgramData%\OSIsoft\PItoOCS.

  2. Run the command:

    notepad.exe appsettings.json

  3. Update the value of the CheckCertificateRevocationList parameter to true.

  4. Save the changes and restart the PI to CONNECT Agent service with the commands:

    net stop pitodatahubagent

    net start pitodatahubagent

TitleResults for “How to create a CRG?”Also Available in