1 of 1 people found this helpful
A good practice is to simply disable support for legacy SSL as per Microsoft advisory.
The main caveat involves cases where PI WebAPI was deployed on an existing web server with legacy applications. Hopefully this isn't the case and you are free to harden the server configuration.
A stronger certificate carries potential for the same kind of compatibility issues in reverse (at least until older browsers are retired).
Production grade certificates available from reputable authorities may be the most appropriate long term solution - especially in large enterprises and internet facing scenarios.