Skip to Content
Author's profile photo Former Member

Adding Certificates to PI

One of the things that has been coming up more often is SSL communication.  We have been dealing with third party companies and internal departments requiring communication via SSL. 

A couple of things to remember when trying to get SSL working.

  1. Ensure that the SSL certificate you are importing has the full certificate chain contained inside of it.  If it does not you can go to the public CA and import their certificates in order to get the certificate working.
    1. If you get an error similar to the follow in Windows, you need to get the CA Root cert installed before you will be able to use the cert in PI.
    2. Untitled picture7.png
  2. For FTPs PI 7.1 can only use Explicit Encryption! You will need to work with your third party vendor to have their FTPs server setup to use Implicit Encryption for your connection.

I put together the below document for our Basis team on adding certificates to PI.

  • Log into NWA
  • Go to Configuration Management -> Security -> Certificates and Keys
  • Untitled picture.png
  • Select the TrustedCAs, then click import entry.
  • Untitled picture2.png
  • Select the certificate type
  • Untitled picture3.png
  • Browse out to the certificate and click import
    • If the certificate does not have the fully chain in it and it’s a public cert, grab a cert for the CA and install it as well
  • Public CA for IndustrySafe
  • Untitled picture4.png
  • Industry safe cert
  • Untitled picture5.png
  • In the below section you can check to see if the certificate was imported successfully.
  • Untitled picture6.png

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Very Interesting.. Do you know if "Implicit Encryption" is available in 7.3?

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      We are still in the process of testing 7.3 for upgrading our PI environment and as far as I can tell it is not.

      Author's profile photo Former Member
      Former Member

      Hi Tony,

      Thanks for the documentation, we have a vendor who is using self signed certificate and wants us to import their certificate into our PI system. Which certificate should I import (Base/Intermitent/Root) into my system.

      Also as mentioned in you document import the "full certificate chain contained inside of it.",

      so what exactly you mean by "full certificate chain contained inside of it.".

      1 more thing is, can we make this certificate available in communication channel in Integration builder. I believe only private keys are visible in communication channel.



      Author's profile photo Mykhaylo Beley
      Mykhaylo Beley

      Certificates have Expiry date. Does it mean we will need to reimport new ones before old one expires?

      Also could you point me what to look for to reimport those from the sites with some kind of script when the source sites get updated with new certificates?