[Automation Suite][Certificate]Export TLS certificate and apply it for identity certificate

News Knowledge Base
1

How to export TLS certificate and apply it for an identity certificate?


ISSUE

Diagnostic tools indicate that the identity token-signing certificate has expired, and the customer does not possess the certificate that was applied for TLS certificates.

RESOLUTION

Automation Suite requires two certificates at the time of installation.

  • Server certificate – required for TLS communication between the client and the cluster;
  • Identity token-signing certificate – required to sign the authentication token.

There are scenarios like:

  1. Customers updated the Server certificate but forgot to update the Identity token-signing certificate.
  2. Diagnostic tools indicating that the Identity token-signing certificate has expired, and the customer does not have the certificate that was applied for TLS certificates.

Export the server certificate and apply it for the identity certificate.

  1. Navigate to /opt/UiPathAutomationSuite directory
# cd /opt/UiPathAutomationSuite

  1. Create a folder where certificates can be exported

# mkdir certs

  1. Export the certificates into the certs folder

# ./configureUiPathAS.sh tls-cert get --outpath certs/

  1. Apply the exported certificates into the identity certificate

# ./configureUiPathAS.sh identity token-cert update --cert-file-path certs/tls.crt --cert-key-file-path certs/tls.key

  1. Rotate the certificate

# ./configureUiPathAS.sh identity token-cert rotate