How to change the Identity Server Signing Certificate

Issue Description: How to change the Identity Server signing certificate? With 20.4+, Orchestrator relies on the Identity Server for authentication. The Identity Server uses a signing certificate, which sometimes needs to be updated.

Background: The Identity Server signing certificate is used for authentication. It is usually the same as the Orchestrator certificate, but that is not a requirement. Additionally, it can be a self-signed certificate. If there are multiple Identity Server nodes, they must all reference the same signing certificate.

More information can be found at Signing Requirements.

Updating the Identity Signing Certificate:

    <ol><li>
    <p>Find the new certificate to be used for signing by following the steps below:</p>

    <ul><li>
    	<p>Open the Manage Computer Certificates app: go to Start -&gt; Run, type certlm.msc and click OK</p>
    	</li><li>
    	<p>Go to the Personal node and locate the certificate</p>
    	</li><li>
    	<p>Open the certificate and go to the 'Details' tab and get the thumbprint</p>
    	</li><li>
    	<p>On Windows Server 2016, the thumbprint may contain special hidden characters. See the animation involving Notepad++ at the following <a href="https://docs.uipath.com/orchestrator/docs/setting-orchestrator-to-use-a-private-key-certificate#setting-orchestratoridentity-server-to-use-the-certificate" target="_blank">link</a> for removing the character.</p>
    	</li><li>
    	<p>If this step is not done, the special character will show up as a '?' when executing the command that is being constructed. It can just be deleted.</p>
    	</li></ul>
    </li><li>
    <p>Use the thumbprint to run the <a href="https://docs.uipath.com/installation-and-upgrade/docs/platform-configuration-tool" target="_blank">Platform Configuration Tool</a>:</p>
    
    <ul><li>
    	<p>The command to run is: <i>&amp; "C:\Program Files (x86)\UiPath\Orchestrator\Tools\UiPath.Platform.Configuration.Tool\Platform.Configuration.Tool.ps1" UpdateUiPathCertificate -NewTokenSigningThumbprint &lt;thumbprint&gt; -SiteName UiPathOrchestrator</i></p>
    	</li></ul>
    </li><li>
    <p>Open certlm.msc</p>
    </li><li>
    <p>Under the Personal node, find the new SSL certificate</p>
    </li><li>
    <p>Right-click -&gt; All Tasks -&gt; Manage Private Keys</p>
    </li><li>
    <p>Click Add</p>
    </li><li>
    <p>Change the location to the current computer.</p>
    </li><li>
    <p>Add the user 'IIS APPPOOL\Identity' and give the user Full control and Read</p>
    </li></ol>
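
A check for the steps above, as an added example that is not part of the original article or of UiPath's tooling: it strips hidden characters from a pasted thumbprint, confirms the certificate is in the machine's Personal store with a private key, and reports whether 'IIS APPPOOL\Identity' has access to the key file. The function names, the constructed sample thumbprint, the use of U+200E as the hidden character and the RSA key type are assumptions of this example; run it in an elevated Windows PowerShell session on the Identity Server node.

```powershell
# Added example, not UiPath code. Constructed input: an invisible U+200E mark
# followed by 40 placeholder hex digits; paste the value from certlm.msc instead.
$RawThumbprint = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"

function ConvertTo-CleanThumbprint([string]$Raw) {
    # Keep hex digits only; this drops spaces and hidden characters.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Expected 40 hex digits, got $($clean.Length)." }
    $clean
}

function Test-SigningCertificate([string]$Thumbprint, [string]$Account = 'IIS APPPOOL\Identity') {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Assumption: RSA key. Resolve the key container name (CNG or legacy CSP).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw 'No RSA private key available for this certificate.' }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Machine keys are files under ProgramData; "Manage Private Keys" edits that file's ACL.
    $keyFile = 'Microsoft\Crypto\Keys', 'Microsoft\Crypto\RSA\MachineKeys' |
        ForEach-Object { Join-Path (Join-Path $env:ProgramData $_) $name } |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) { throw "Key file '$name' not found." }

    $rules = @((Get-Acl -LiteralPath $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow' })
    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        Subject          = $cert.Subject
        NotAfter         = $cert.NotAfter
        KeyFile          = $keyFile
        AccountRights    = ($rules.FileSystemRights -join ', ')
        AccountHasAccess = ($rules.Count -gt 0)
    }
}

$thumb = ConvertTo-CleanThumbprint $RawThumbprint
Test-SigningCertificate -Thumbprint $thumb
```

With the placeholder thumbprint the lookup stops with a "cannot find path" error; with a real thumbprint, `AccountHasAccess` should read `True` once the private key permission step has been completed.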