I’m trying to perform prechecks for UiPath upgradation from 2020.10 to 2022.10. I ran platform configuration tool from my orchestrator server and all checks are passed except SSL certification verification.
During my certificate verification, tool has given a warning saying “Could not determine access rights for the private key of the signing certificate.”
How to resolve this to verify certificate before proceeding for upgrade.
An internal server error may occur if the certificate does not have the appropriate permissions set. Run the following as Admin to grant the necessary permissions:
Make sure the certificates have the appropriate permissions set to prevent an internal server error. Refer to Troubleshooting Certificates for more details.
If the private key has not been added to the certificate, you can add it manually by taking the following steps:
To locate the private key, start Internet Information Service (IIS) Manager, and select Application Pool. You should find the private key for each service under the Identity column.
Go to Manage Computer Certificates under Control Panel.
Go to Personal/Certificates.
Right-click New certificate, then go to All Tasks > Manage PrivateKey to add the private key.
Make a backup copy of the Identity/appsetting.Production.json file and then
check the thumbprint in the Orchestrator\Identity\appsetting.Production.json file
and make sure it matches the thumbprint for the current certificate being used.
If it does not match, please update it.
If it does look to match, please check and make sure there are no hidden characters
at the beginning of the string or spaces in the string.
To check for hidden characters, please follow the below steps:
In Notepad++, go to the Encoding tab and select ‘Encode in ANSI’. (This highlights the hidden characters)
If a hidden character exists, remove it and repaste it in the Identity\appsettings.Production.json file
Perform iisreset via admin command prompt after removing the hidden character.
Please also make sure that the certificate being used for Orchestrator and Identity is in the Personal Folder of the Local machine.
You can do this by Opening Manage Computer Certificates → Personal → Certificates. If this is a Self Signed Certificate, please also make sure to add the certificate to the Trusted Root folder.
You can open the certificate in both of these locations by double-clicking on the certificate and validating that the thumbprint located in the details matches what is in Identity/appsetting.Production.json.
If the above does not fix the issue, please share the below:
Complete output of the readiness check execution as shown in the below link after performing the above steps ⚙ Platform Configuration Tool
A screenshot of the command that you are executing in Powershell.
In Manage Computer Certificates, right-click on the certificate in the Personal folder. Click All Tasks → Manage Private Keys. Please share a screenshot of this page
Please also share the Identity/appsettings.Production.json file.