How to change the Identity Server Signing Certificate

Issue Description:
How to change the Identity Server Signing Certificate? With 20.4+, Orchestrator relies on the Identity Server for authentication. The Identity Server uses a signing certificate, which sometimes needs to be updated.

Background:
The Identity Server signing certificate is used for authentication. It is usually the same as the Orchestrator certificate, but that is not a requirement. Additionally, it can be a self-signed certificate. If there are multiple Identity Server nodes, they must all reference the same signing certificate.

More information can be found at Signing Requirements.

Updating the Identity Signing Certificate

  1. Find the new certificate to be used for signing by following the steps below:
    • Open the Manage Computer Certificates app: Start -> Run, type certlm.msc and click OK
    • Go to the Personal node and locate the certificate
    • Open the certificate, go to the 'Details' tab and get the thumbprint
    • On Windows Server 2016, the thumbprint may contain a hidden special character. See the animation involving Notepad++ in the following link for removing the character
    • If this step is not done, the special character will show up as a '?' when executing the command that is being constructed. It can just be deleted.
  2. Use the thumbprint to run the Platform Configuration Tool:
    • The command to run is: & "C:\Program Files (x86)\UiPath\Orchestrator\Tools\UiPath.Platform.Configuration.Tool\Platform.Configuration.Tool.ps1" UpdateUiPathCertificate -NewTokenSigningThumbprint "<thumbprint>" -SiteName UiPathOrchestrator (replace <thumbprint> with the thumbprint from step 1)
  1. Open certlm.msc
  2. Under the Personal node, find the new SSL certificate
  3. Right-click -> All Tasks -> Manage Private Keys
  4. Click Add
  5. Change the location to the current computer.
  6. Add the user 'IIS APPPOOL\Identity' and give the user Full control and Read.
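A pre-flight check for the procedure above, as an added example that is not part of the original post and is not UiPath's own code: it strips the hidden character from a copied thumbprint, confirms the certificate exists in the machine store with a private key, and reports whether 'IIS APPPOOL\Identity' can read that key. The function names are hypothetical, the sample thumbprint is constructed, and the script assumes an elevated PowerShell session and an RSA key stored on disk.

```powershell
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Keep hex digits only: removes spaces, a literal '?', and invisible
    # characters such as U+200E copied from the certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

function Test-SigningCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint,
          [string]$Account = 'IIS APPPOOL\Identity')
    $tp   = ConvertTo-CleanThumbprint $Thumbprint
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $tp has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $tp expired on $($cert.NotAfter)." }

    # Resolve the key file name (assumption: RSA key, CSP or CNG, stored on disk).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    $dirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
            "$env:ProgramData\Microsoft\Crypto\Keys"
    $file = Get-ChildItem -Path $dirs -Filter $name -Force -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if (-not $file) { throw "Key file for $tp not found in the machine key folders." }

    # Look for an Allow rule that gives the app pool identity at least Read.
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl -Path $file.FullName).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    [pscustomobject]@{
        Thumbprint  = $tp
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        KeyReadable = [bool]$rules
    }
}

# Constructed sample: a thumbprint as copied from the Details tab, with a leading U+200E.
$RawThumbprint = "$([char]0x200E)01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
ConvertTo-CleanThumbprint $RawThumbprint
```

Run `Test-SigningCertificate -Thumbprint '<thumbprint>'` with the real value on each Identity Server node; a `KeyReadable` of False means the Manage Private Keys step still needs to be done on that node.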

While executing the above script, we are receiving the below error. Could you please help to sort it out?