Automation Suite Validating Certificate Failed

Resolution when the Automation Suite certificate update fails with "Validating Certificate..... failed".

Issue Description: Automation Suite Certificate update fails with: Validating Certificate..... failed

Root Cause: There are a few reasons why the validation of the certificates can fail. In most cases, either the wrong inputs were provided to the update script or the new certificate is not valid.

Diagnosing / Resolving

  1. If using 22.4.0, there was a bug that would cause the following issue:
    1. [ERROR][2022-10-14T13:58:07+0000]: Validating Certificate..... failed
      [ERROR][2022-10-14T13:58:07+0000]: >>> Certificate <certificate name> does not have alm..<Automation Suite FQDN> in SAN
    2. Notice in the above that the SAN attribute contains ".."
    3. It should only contain one "." and this is a bug.
    4. To fix this issue, go to the directory that the script sits in.
    5. Download the attached file.
    6. Backup the old file.
      • mv Cluster_Configure\tls-cert\ update.sh_backup
    7. Relative to the directory of the script, replace the file Cluster_Configure\tls-cert\ with the new file. i.e. mv Cluster_Configure\tls-cert\
    8. Retry the validation. If it works, make sure to delete the backed-up file.
  2. If the above issue is not the problem, the issue should be that the certificate is not valid.
  3. To check the certificate SAN attributes manually, the following command can be used:
    1. openssl x509 -in <certificate file> -noout -text 2> /dev/null | grep "DNS:"
    2. The certificate file in the above should be the TLS certificate that will be used for the SSL encryption.
    3. The above should return the SAN attributes mentioned at Configuring The DNS
      • If the Automation Suite URL was https://autosuite.uipath.devtest, we would expect one of the following outputs
        1. DNS:autosuite.uipath.devtest, DNS:*.autosuite.uipath.devtest
        2. Or DNS:autosuite.uipath.devtest, DNS:alm.autosuite.uipath.devtest, ... etc.
  4. If the manual check seems valid, then run the tool with -d. We will want the logs captured, so when executing, run the command as follows:
    • 2>&1 1>&3 | tee -a certificateValidationLog.log) 3>&1 | tee -a certificateValidationLog.log.
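
The manual SAN check from step 3 can be scripted so that a missing name is reported explicitly. This is an added example, not UiPath's script: the function names and the file name `server.crt` are hypothetical, and `alm` is the only subdomain named on this page (pass the rest from the Configuring The DNS documentation).

```shell
#!/bin/sh
# Added example (not UiPath's script): check SAN coverage for an Automation Suite FQDN.
# Names are compared as-is, so pass the FQDN in the same case the certificate uses.

# Print the DNS SAN entries of a certificate file, one per line.
cert_dns_sans() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep "DNS:" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# san_covers <host> <san>...
# Succeeds on an exact match, or when a wildcard SAN covers exactly one extra label:
# *.example.test covers alm.example.test, but not example.test or a.alm.example.test.
san_covers() {
  sc_host=$1; shift
  for sc_san in "$@"; do
    if [ "$sc_san" = "$sc_host" ]; then return 0; fi
    case $sc_san in
      '*.'*)
        if [ "${sc_host#*.}" != "$sc_host" ] && [ "${sc_host#*.}" = "${sc_san#??}" ]; then
          return 0
        fi ;;
    esac
  done
  return 1
}

# missing_hosts <fqdn> <whitespace-separated SAN list> [subdomain...]
# Prints each required name (the FQDN itself, then <subdomain>.<fqdn>) that no SAN covers.
missing_hosts() {
  mh_fqdn=$1; mh_sans=$2; shift 2
  mh_required=$mh_fqdn
  for mh_sub in "$@"; do mh_required="$mh_required $mh_sub.$mh_fqdn"; done
  set -f   # keep the shell from glob-expanding "*.<fqdn>" entries
  for mh_name in $mh_required; do
    san_covers "$mh_name" $mh_sans || echo "$mh_name"
  done
  set +f
}

# check_cert <certificate file> <fqdn> [subdomain...]
# Example: check_cert server.crt autosuite.uipath.devtest alm
check_cert() {
  cc_file=$1; cc_fqdn=$2; shift 2
  cc_missing=$(missing_hosts "$cc_fqdn" "$(cert_dns_sans "$cc_file")" "$@")
  if [ -z "$cc_missing" ]; then echo "SAN OK"; return 0; fi
  echo "Not covered by any SAN: $cc_missing" >&2
  return 1
}
```

A wildcard entry alone does not cover the base FQDN, which is why the first expected output in step 3 lists both `DNS:autosuite.uipath.devtest` and `DNS:*.autosuite.uipath.devtest`.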