Unable to integrate Minio "HTTPS" with Orchestrator. Package publish failed


Has anyone tried integrating Minio-HTTPS with orchestrator? We have setup the minio with self-signed certificate to access it over HTTPS. Minio access is working from Orchestrator server and data can be uploaded manually. But after updating the details in UiPath.Orchestrator.dll.config file when we try to publish the package from Studio it’s getting failed. Also minio-HTTP integration is working fine without any issues and package can be uploaded. Only issue is with HTTPS. Can someone help me?

Minio-HTTP works without any issues:

I’ve seen it with HTTP Request activities so the same may apply for Publishing.

As you are using a self-signed certificate, import the certificate to your local machine where you are publishing from so that it is trusted and try again.

Have you check the logs for Studio as well as on Orchestrator (Event Viewer)?

@codemonkee - Hi Tim, sorry for the delayed response. Yes, the certificate is already imported to Orchestrator server(Studio is also in the same server) and access to minio over the browser is showing secure without any warnings. I did check the event viewer but not getting any details. I am wondering is there any change in the connection string if it’s HTTPS. I did try different ways including 443, console port, without ports etc but none of them worked.
Support team is not responding properly till now (could be a less priority issue to them). I couldn’t get any details with --enablelowlevel on robot. Not sure whether that will help for Studio related issues. Logs just say the error as it is, nothing more.

08:13:17.0810 => [ERROR] [UiPath.Studio.App.Logging.OutputLogger] [11] Error: Publish of Process project to Orchestrator failed. An error has occurred.
08:13:17.0810 => [ERROR] [UiPath.Studio.exe] [11] Error: Publish of Process project to Orchestrator failed. An error has occurred.

I’m just going through the motions of configuring Orchestrator with Minio in my sandbox environment, so bare with me as I go through the motions for the first time!

Quick clarification, the logs you show above appear to specifically by from Studio, did you check the logs for Orchestrator?

I would expect you to see a log like with the trace mentioning minio

System.Xml.XmlException: 'doctype' is an unexpected token. The expected token is 'DOCTYPE'. Line 1, position 3.

If you could detail the steps you have taken so far for both Orchestrator and Minio that would be helpful.

As a quick run though, this is what I’ve done so far

Minio Console

  • Created Service Account for user (Make note of Access Key / Secret)


  • Modified UiPath.Orchestrator.dll.config
    <add key="Storage.Type" value="Minio" />
    <add key="Storage.Location" value="host=localhost:9000;accessKey={key};secretKey={secret}" />
  • Restarted Orchestrator

After Orchestrator was up and running, I testing publishing a package and was successful, and it created the Storage structure for Processes

The one thing I’ll note is that the documents show an example using Port 9001, for the Minio Console, but the boot up script indicated port 9000 for the API.

I know you specifically asked about TLS/SSL, I’ll have to try and tackle that next and see how it goes. If not tomorrow, probably sometime next week. In the meantime if you could provide some indepth details on steps you’ve taken on your side that would be helpful.

1 Like

@codemonkee - Thank you for the response. I have put the Studio in same orchestrator machine to test it first. I can create a separate VM for Studio but that wouldn’t do any help here I guess.

Can you please let me know what Orchestrator logs are you referring to? If it’s the Event Viewer, please find the screenshot below when the upload failed in studio. It doesn’t show any errors. All I can find is Robot status check and Identity token messages. No warnings or errors (Screenshot is provided at the end). Only error I can find is the Studio Logs. Is there any other logs I can check?

Please find the steps I tried below.

  1. Brought up minio server with HTTP first. Have root user and root password stored in Environment variables. I haven’t created service account.

  1. Updated the connection string in UiPath.Orchestrator.dll.config file and restarted the orch from IIS.

API Port : 9000
Console Port : 9100

  1. Created a test package and published from Studio. Works fine.

Using TLS/SSL : Self-Signed certificate

  1. Downloaded OpenSSL from here : Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions
    Version - Win64 OpenSSL v1.1.1L I believe.

  2. After installing, added 2 environment variables for OpenSSL.
    OPENSSL_CONF - C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
    Path - C:\Program Files\OpenSSL-Win64\bin

  3. Updated the openssl.cfg file as below (Path : “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg”) with dummy details. SAN was mandatory with IP and DNS otherwise MC client was throwing me some certificate validation error. Rest of the details other than CN was just random inputs.

  1. Created the certificate and key using below command (need to run this inside OpenSSL cmd),

req -x509 -nodes -days 365 -newkey rsa:2048 -keyout C:\Users\jithinkp.minio\certs\private.key -out C:\Users\jithinkp.minio\certs\public.crt

  1. Certificate and key needs to be available in “.minio\certs” location.
  2. Brought up the minio again using the same command. Minio will start with HTTPS,

  1. Imported the public.crt to Orchestrator machine.
  2. Updated the connection string in UiPath.Orchestrator.dll.config file and restarted the orch from IIS. This info was provided by UiPath Tech Support, so I followed the same.

  1. Tried uploading a new process from Studio but fails.

  1. I can access minio with HTTPS in orch machine and upload manually.

  1. No information in Event Viewer of Orchestrator.

  1. Only log I can find is Studio Logs

Even tried converting .crt & .key certificate to .pfx and imported to Orchestrator, no luck. Tried with default HTTPS port 443 with minio and connection string without 443, not working.

Most probably it’s the certificate issue, but how/where to find the what’s going wrong?

Thought I will create a tutorial on this as it might be helpful to someone. Well, I m stuck.!! :expressionless:

I would Filter your logs for Source=Orchestrator just to ensure you’re not missing any logs when viewing.

Here are the steps I’ve gone through so far

  1. Generated Public Certificate Chain and Key

    • originally I exported as PKCS-8 which MinIO only supports the key as a PKCS-1. (Header would be prefixed with -----BEGIN RSA PRIVATE KEY----- and not -----BEGIN ENCRYPTED PRIVATE KEY-----
    • I also had to recreate the certificate with an IP SAN on top of the DNS SAN in order to log into the Minio Console Web UI.
  2. Separated the Cert Chain and Key into their respective files (private.key and public.crt)

  3. Added MINIO_CERT_PASSWD Environment Variable

  4. Launched Minio

    PS C:\Users\user> ./minio.exe server D:\Minio\Data --console-address ":9001"
    RootUser: minioadmin
    RootPass: minioadmin
    RootUser: minioadmin
    RootPass: minioadmin
  5. Updated UiPath.Orchestrator.dll.config with the following and restart IIS Site; Received the below error when attempting to publish a package.

    <add key="Storage.Location" value="host={hostname}:9000;accessKey={key};secretKey={secret}" />
    Unsuccessful response from server without XML error: 
    Unable to read data from the transport connection: 
      An existing connection was forcibly closed by the remote host..: Minio.Exceptions.InternalClientException: 
    Minio API responded with 
       message=Unsuccessful response from server without XML 
       error: Unable to read data from the transport connection: 
         An existing connection was forcibly closed by the remote host..
  6. I then tried with the following Storage.Location value and received No path allowed in endpoint

    <add key="Storage.Location" value="host=https://{hostname}:9000;accessKey={key};secretKey={secret}" />
    https://{hostname}:9000: No path allowed in endpoint.: Minio.Exceptions.InvalidEndpointException: Minio API responded with message=No path allowed in endpoint.
    at void Minio.RequestUtil.ValidateEndpoint(Uri uri, string Endpoint) in /q/.q/sources/minio-dotnet/Minio/Helper/RequestUtil.cs:line 107
  7. Next I tried tacking on common parameters for SSL such as ;WithSSL, ;UseSSL, ;UseTLS and received the following error

    System.ArgumentException: Parse error: The connection string has an invalid assignment (WithSSL). (Parameter 'connectionString')

Will keep digging!

1 Like

After some trial and error, I dug through UiPath’s Minio DLL files (UiPath.Storage.Minio.dll and Minio.dll)

I searched for properties/text such as “Secure”, “SSL”, “Https” and after trying a few properties from Minio.dll such as ;Secure as this is the property that sets the HTTPS flag in the Client (but failed), ended up locating a Boolean SslEnabled in the UiPath.Storage.Minio MinioStorageClientOptions

  1. Updating the Storage.Location connection string with SslEnabled=true
    <add key="Storage.Location" value="host={host}:9000;accessKey={key};secretKey={secret};SslEnabled=true" />
  2. Restart IIS

I was able to successfully Publish a package through Orchestrator to Minio

First upload was with SSL and second upload was with SSL.


@codemonkee - Brilliant., brilliant., brilliant…!!! :slight_smile: Thanks a lot Tim…!!

Wrong :-

Correct :-

Worked like a charm…!! :star_struck:

Will you be able to make a tutorial documentation in Forum out of this? I might miss something if I create. Let me know :slight_smile:

1 Like

Perhaps, but probably not right away as I’m fairly busy with other things going on.

In the meantime, I’ve suggested an edit on the UiPath.Orchestrator.dll.config documentation to update the Minio example connection string to include SslEnabled=false just to provide a hint that it can be set to true in the meantime.

Really it would be nice if they had some dedicated documentation for each Storage Provider supported by Storage.Type and Storage Buckets.

1 Like

@codemonkee - Yes, it would be really great if UiPath can update the details for each of them. Thank you for pointing it out :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.