How to resolve when the error "The remote certificate is invalid according to the validation procedure"?

Issue Description: "The remote certificate is invalid according to the validation procedure", while trying to connect Robot to Orchestrator .

Diagnosing Procedure:

1. Open a browser and go to the Orchestrator URL
2. If the certificate is self-signed, it will show a 'Not secure' icon in the browser. Here is an example:

3. If the above message is present (it may very in how it looks depending on the browser) click the not secure icon and view the certificate.
   • Check to see if the certificate is trusted. An invalid certificate will look like:
4. If the certificate is not trusted, go to the section Importing Self-Signed Certificates
   • After adding the certificate to the trust store (if needed) re-open the browser and go back to the Orchestrator URL.
   • Check to see if the Orchestrator URL still shows 'Not Secure' (Its import to close the browser completely and then re-open it. If this is not done, it will still show 'Not secure')
5. If the Orchestrator URL still shows 'Not Secure' but there is no warning that has to be accepted, the warnings need to be re-enabled.
   • Re-enable the security warnings
     • In most browsers this can be found by clicking the 'Not Secure' icon (Or it might just be a lock icon with a warning)
   • Usually the warning looks something like:

7. Once warnings are re-enabled, go to the site, and click the Advanced option. Once this is done, it should show the exact reason why the certificate is not trusted.
   • If the Error is something like NET::ERR_CERT_COMMON_NAME_INVALID go to the section Common Name Invalid
8. The error might reveal the issue, but if it does not, please open a ticket with UiPath Support so they can assist. When opening a ticket, please include the following:
   • Screenshot of the certificate warning in the browser (if any)
   • Robot Event viewer logs
     • eventvwr->Applications - All logs around the time the issue occurred.

Common Name Invalid

1. This means that the domain name of the site that is being accessed, does not have a corresponding entry in the certificates Subject Alternative Name Attribute (SAN)
   • In the past, a certificate only required, that the domain name of the site that is being accessed in the Subject/Common Name field, however, this changed with RFC2818. Sometime in 2020 all browsers started supporting this requirement.Open up the certificate as described in Step 3 of the Diagnosing section
     • i.e In the browser click the not secure icon and view the certificate.
2. Next, in the dialog window, go to the 'Details' section
3. Look for the Subject Alternative name Attribute. The Orchestrator domain name should be listed there.
   • For example, if the Orchestrator domain name is orch.uipath.com, there should be an entry that says: DNS Name=orch.uipath.com
   • If the name is not present, the certificate needs to be re-issued. See How to use a Certificate for Https Protocol
   • Your domain admin should be able to help in resolving this
4. Note: Wild care certificates are only valid for a single level of a domain. For example, an entry like: *.uipath.com is valid for orch.uipath.com but not dev.uipath.com.
5. The other possibility is that the Orchestrator hostname is defined incorrectly. For example. perhaps the domain name defined for Orchestrator in the URL is orch.uipath.com, but it should be orchestrator.uipath.com.
   • In this case the certificate probably needs to be re-issued, or the URL for Orchestrator changed:
     • See How to Change the Orchestrator / Identity Server URL
     • Note: In this case, both the Orchestrator and Identity Server URL would need to be updated.

Importing Self-Signed Certificates

1. Export the certificate used in the Orchestrator machine.
   • This can be done from the browser, after viewing the certificate, go to 'Details' and select 'Copy to File...'
2. Copy the certificate on the Robot machine from where it is tried to connect to Orchestrator
3. Start a new MMC from the run command
4. File --> Add/Remove Snap-In
5. Click Add
6. Choose Certificates and click Add
7. Check the "Computer Account" radio button. Click Next
8. Choose the client computer on the next screen. Click Finish
9. Click Close
10. Click OK
11. Now install the certificate into the Trusted Root Certification Authorities certificate store. This will allow all users to trust the certificate.