Hi,
I’m trying to perform prechecks for UiPath upgradation from 2020.10 to 2022.10. I ran platform configuration tool from my orchestrator server and all checks are passed except SSL certification verification.
During my certificate verification, tool has given a warning saying “Could not determine access rights for the private key of the signing certificate.”
How to resolve this to verify certificate before proceeding for upgrade.
An internal server error may occur if the certificate does not have the appropriate permissions set. Run the following as Admin to grant the necessary permissions:
import-module WebAdministration
$siteName = 'UiPath Orchestrator'
$binding = (Get-ChildItem -Path IIS:\SSLBindings | Where Sites -eq $siteName)[0]
$certLoc = "cert:\LocalMachine\MY\$($binding.Thumbprint)"
$cert = Get-Item $certLoc
$keyPath = $env:ProgramData + "\Microsoft\Crypto\RSA\MachineKeys\"
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFullPath = $keyPath + $keyName
$acl = (Get-Item $keyFullPath).GetAccessControl('Access')
$permission="IIS_IUSRS","Full","Allow"
$accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$acl.AddAccessRule($accessRule)
Set-Acl -Path $keyFullPath -AclObject $acl
Reference: Using a Certificate for the HTTPS Protocol
Hi, thanks a lot.
In test orchestrator server, I’m facing a different error. Could you please help me to find the solution for below.
We do have a valid certificate installed and test orchestrator (version 2020.10) is up & running.
But when I tried to run platform-configuration-tool, it is giving below error from Test Orchestrator server.
Try the solution from here ⚙ Platform Configuration Tool
The following example enables you to update the Orchestrator SSL and the Identity Server token-signing certificates.
.\Platform.Configuration.Tool.ps1 `
-UpdateUiPathCertificate `
-KeepOldCertificate $false
-SiteName "UiPath Orchestrator" `
-NewSSLThumbprint "a1b2c3d4" `
-NewTokenSigningThumbprint "z6y5x4v3"
Make sure the certificates have the appropriate permissions set to prevent an internal server error. Refer to Troubleshooting Certificates for more details.
If the private key has not been added to the certificate, you can add it manually by taking the following steps:
If the above didn’t help, before raising a ticket with the Support team, check the below:
Review and complete the pre-requisites mentioned in the below link
⚙ Platform Configuration Tool
Make a backup copy of the Identity/appsetting.Production.json file and then
check the thumbprint in the Orchestrator\Identity\appsetting.Production.json file
and make sure it matches the thumbprint for the current certificate being used.
If it does not match, please update it.
If it does look to match, please check and make sure there are no hidden characters
at the beginning of the string or spaces in the string.
To check for hidden characters, please follow the below steps:
In Notepad++, go to the Encoding tab and select ‘Encode in ANSI’. (This highlights the hidden characters)
If a hidden character exists, remove it and repaste it in the Identity\appsettings.Production.json file
Perform iisreset via admin command prompt after removing the hidden character.
If the above does not fix the issue, please share the below:
Complete output of the readiness check execution as shown in the below link after performing the above steps
⚙ Platform Configuration Tool
A screenshot of the command that you are executing in Powershell.
In Manage Computer Certificates, right-click on the certificate in the Personal folder. Click All Tasks → Manage Private Keys. Please share a screenshot of this page
Please also share the Identity/appsettings.Production.json file.