How to change the Identity Server Signing Certificate?
Issue Description: How to change the Identity Server Signing Certificate? From version 20.4 onward, Orchestrator relies on the Identity Server for authentication. The Identity Server uses a signing certificate, which sometimes needs to be updated.
Background: The Identity Server signing certificate is used for authentication. It is usually the same as the Orchestrator certificate, but that is not a requirement. Additionally, it can be a self-signed certificate. If there are multiple Identity Server nodes, they must all reference the same signing certificate.
More information can be found at Signing Requirements.
Updating the Identity Signing Certificate:
<ol>
<li> <p>Find the new certificate to be used for signing by following the steps below:</p>
<ul>
<li> <p>Open the Manage Computer Certificates app: Start->Run, type certlm.msc and click OK</p> </li>
<li> <p>Go to the Personal node and locate the certificate</p> </li>
<li> <p>Open the certificate, go to the 'Details' tab and copy the thumbprint</p> </li>
<li> <p>On Windows Server 2016, the thumbprint may contain hidden special characters. See the animation involving Notepad++ in the following <a href="https://docs.uipath.com/orchestrator/docs/setting-orchestrator-to-use-a-private-key-certificate#setting-orchestratoridentity-server-to-use-the-certificate" target="_blank">link</a> for removing the character</p> </li>
<li> <p>If this step is not done, the special character will show up as a '?' when executing the command that is being constructed. It can just be deleted.</p> </li>
</ul> </li>
<li> <p>Use the thumbprint to run the <a href="https://docs.uipath.com/installation-and-upgrade/docs/platform-configuration-tool" target="_blank">Platform Configuration Tool</a>:</p>
<ul>
<li> <p>The command to run is: <i>C:\Program Files (x86)\UiPath\Orchestrator\Tools\UiPath.Platform.Configuration.Tool\Platform.Configuration.Tool.ps1 UpdateUiPathCertificate -NewTokenSigningThumbprint &lt;thumbprint&gt; -SiteName UiPathOrchestrator</i></p> </li>
</ul> </li>
<li> <p>Open certlm.msc</p> </li>
<li> <p>Under the Personal node, find the new SSL certificate</p> </li>
<li> <p>Right click->All Tasks->Manage Private Keys</p> </li>
<li> <p>Click Add</p> </li>
<li> <p>Change the location to the current computer.</p> </li>
<li> <p>Add the user 'IIS APPPOOL\Identity' and give the user Full control and Read</p> </li>
</ol>
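The thumbprint check from the first step, as an added PowerShell example (not part of the original article or of UiPath's tooling): it strips hidden and non-hex characters from a pasted thumbprint and confirms the certificate is in the local machine Personal store with a private key before the Platform Configuration Tool is run. The function names and the sample thumbprint are constructed for illustration, and U+200E as the hidden character is an assumption.

```powershell
# Added example. Function names are hypothetical helpers, not UiPath cmdlets.
function Get-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Keep hexadecimal digits only: removes spaces and invisible Unicode
    # characters that would otherwise appear as '?' on the command line.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    return $clean
}

function Test-SigningCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Look in the same store that certlm.msc shows as Personal.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $Thumbprint
        Found         = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        WithinDates   = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        Subject       = if ($cert) { $cert.Subject } else { $null }
    }
}

# Constructed sample: a value pasted from the Details tab, with a leading
# invisible left-to-right mark (U+200E, assumed) and spaces between bytes.
$RawThumbprint = [string][char]0x200E + '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'

$thumbprint = Get-CleanThumbprint -Raw $RawThumbprint
$removed = $RawThumbprint.Length - $thumbprint.Length
Write-Host "Removed $removed non-hex character(s); using $thumbprint"

$result = Test-SigningCertificate -Thumbprint $thumbprint
$result | Format-List

if (-not ($result.Found -and $result.HasPrivateKey -and $result.WithinDates)) {
    Write-Warning 'Certificate is missing, has no private key, or is outside its validity period.'
}
```

With multiple Identity Server nodes, running the same check on each node confirms they all hold the certificate with the same thumbprint.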