How to change the certificate if it gets expired in Orchestrator, v2020.4.x onwards?
Note: This is applicable for all versions.
- Import the certificate under Personal folder using the mmc, certificates console
- Give access for managing the private keys of the certificate for the user that runs the application pool, from the same Microsoft certificates console,
- Add IIS_IUSRS as well in the users along with the application pool user. Be sure to set the server as Location.
- Copy the certificate from the Personal folder to the Trusted Root Authorities folder if a self-signed certificate is used, as per the prerequisites.
- Find the thumbprint by viewing the certificate details
- Below are two options: If manual update desired, go to step 13-16 if it needs to be made automatically updated, check steps 7-12
- Automatic Certificate Change can be performed by referring the Platform Configuration Tool - Changing Certificates After Installation
- Go to the Platform Configuration Tool folder, under the Orchestrator installation folder ( usually C:\Program Files (x86)\UiPath\Orchestrator\Tools\PlatformConfiguration)
- In the folder Platform -> Click on file (1) -> Click on Windows PowerShell (2)-> Open Windows PowerShell as administrator (3),
- In a Notepad paste the script and replace inside the 2 values inside the quotes of a1b2c3d4 and z6y5x4v3 with the Thumbprint of the certificate.
.\Platform.Configuration.Tool.ps1 ` -UpdateUiPathCertificate ` -SiteName "UiPath Orchestrator" ` -NewSSLThumbprint "a1b2c3d4" ` -NewTokenSigningThumbprint "z6y5x4v3"
- Copy the script and paste it on the Command line and run it. This will automatically replace the thumbprint for the Orchestrator and identity server and also reset the server
- Open the browser and check if the Orchestrator is accessible
- Manual Certificate Change: Update the certificate thumbprint under AppSettings, by replacing the Certificate_thumbprint with the new value in the C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json .
- Open IIS Manager and modify the binding for the UiPath Orchestrator website,
- Run CMD as admin and execute "iisreset"
- Browse the website and check if the certificate has been loaded correctly.