1 of 1 people found this helpful
The error message is mentioning that the certificate does not contain the subject alternative name of the IP you are using.
By default, the self-signed certificate that is created by the PI Web API machine contains the following three entries: FQDN (if available), Host name and "localhost" and it will not include the IP address of the machine. Thus, even if you install this self-signed certificate on a remote machine and try to access the machine using this IP address, you will run into such warnings.
Is it possible to create a new certificate that includes the IP address? Or instead, is it possible to access it using a machine or FQDN name?
Thank you for your reply.
However we tried to access it using machine name, but again received the same error.
Is it possible to create a new certificate: Shall we create a local certificate with IP address or create a new WEB API certificate with IP Address, if we have to create a new WEB API certificates, could you provide us the steps?
For creating a certificate, there are many options. The easiest, maybe to create a new self signed certificate for the PI Web API machine and trust that certificate on your client machine.
And this is made even easier, if you have access to IIS on that machine. Create and export a self-signed certificate
If you don't have IIS, then it powershell would be an option: New-SelfSignedCertificate
This is a certificate error. You are accessing your PI Web API host by its IP address. Has the certificate been issued for the IP address, the hostname or maybe even the FQDN of your PI Web API host?
When using the same URL (https://172.16.86.219/piwebapi/) in a browser, the browser will likely inform you about a certificate issue too. Instead of ignoring, you should make sure the certificate is in the local Trusted Certificates Store.
In C# you can ignore the SSL certificate validation errors, I'm sure Java has similar function. I typically do this during development as waiting for IT to get a certificate setup may take some time. I wouldn't suggest doing that in production code.