Problem with cert in Windows Orchestrator installation

Hi!
I am trying to install orchestrator and on the first step “Orchestrator IIS Settings” get an error “The certificate with subject xxx does not have signing capabilities.”

I am quite new on all of this. Can you please provide me?
Thank you!

1 Like

@Rekses

Check below documentation

Hope this helps you

Thanks

Thank you! I have already read and re-read and re-read it again for several hours :innocent: But maybe I missed something and don’t see it…

@Rekses

In this case your network team can help you

If possible share your error screen too

Thanks

1 Like

Hi @ksrinu070184

I consulted our Orchestrator team and apparently this error shows up because there is a stronger than needed validation of the SSL certificate.

In order to get over the step the certificate needs to have a private key.

1 Like

@Rekses

Check @loginerror reply

Hope it resolves your issue

Thanks

Thank you! I will check it soon and come back. :innocent:

1 Like

So, It happen again.
Certificate HAS a private key:
image
And it installed in the right places.
:disappointed_relieved: What else should I check?

@loginerror, @ksrinu070184 Can you help, please? :pray:

@Rekses

Still facing same issue?

I suggest better to raise this concern to Technical team of UiPath

As you have Enterprise License, you can reach Technical support

Thanks

1 Like

@Rekses are you using the updated 20.4.3 installer? It should just give you a warning.

Hello! I use v2020.4.3 installer and it didn’t give me skip this step.

Hi Rekses, I have the same problem and I still can’t find answers, could you find a solution?

1 Like

Hello Brandoescalante, We are still finding. If we solve it I will share be sure :+1:
By the way what have you tried?

Hi,
unfortunately, we are only trying to understand whether it is worth buying this solution, so we only have a trial key.

@Rekses We are facing the same issue. We followed the steps mentioned excatly as it is mentioned in the documentation. So you have company !

What we are currently trying to do:

  1. Install using uipathorchestrator.msi by using a self-signed certificate
  2. Replace certificate with our organization trusted certificate

Once Step 1 is done, we will try and update the certificate with our organization Trusted Certificate. This way we hope to avoid the “stronger than needed validation” during the installation stage as @loginerror mentioned. This is however a theory for now!

The challenge is that there is no detailed information about what properties a trusted certificate needs to have for 20.4.3 version which also requires a Identity Server configuration (the ones mentioned in the documentation is surely not enough)

4 Likes

Thank you for reply, guys @brandoescalante. I feel myself much better when I know that not alone :heart_eyes:

1 Like

The validation for the SSL or the signing certificates looks for the PrivateKey property of the certificate, which sometimes is empty (although the certificate has a private key). Before installing, you can check from Powershell if this is the case with your certificate.

(gci Cert:\LocalMachine\My\your_cert_thumbprint).PrivateKey

If the result is empty, then you may try the workaround suggested above - install with a self signed certificate, then switch to your CA certificate. Create the certificate with from Powershell, and then add it to the Trusted Root store.

New-SelfSignedCertificate -DnsName your.host -subject MyCert -KeySpec KeyExchange

For SSL, just switch the certifcate in the IIS binding.
For the Identity certificate, change the thumbprint in the configuration as described here and set permissions as described here.

2 Likes

An update.
Step 1 worked well as we assumed and got access to the orchestrator.
However Step 2 is not so straight forward. We have tried what @Vlad_Tudoran mentioned before calling it a day yesterday. No success yet.

Will keep this thread updated, when we find a solution.