Update/Renew Orchestrator Certificate Post Tasks

I would like to share one of the problems that occurred in my on-prem UiPath platform.
Our certificate has expired and needs to be renewed or replaced.
After creating a new self-signed certificate from IIS, I started getting the problems below:

  1. Orchestrator site failed to open with the error below:
    {"message":"An error has occurred.","errorCode":0,"resourceIds":null}

  2. Robots cannot connect to the Orchestrator, and if connected, the errors below will be encountered:

  • Get Credential: You are not authenticated! Error code: 0
  • Cannot find some packages
  • etc

The solution is easy, as below:

  • After creating the new self-signed certificate, go to mmc → Local Computer → Personal certificates → find your certificate, right-click it and choose Manage Private Keys → then add a permission for “IIS APPPOOL\Identity”.

  • Go to “C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json” and update the thumbprint in this file by replacing it with the one from the new self-signed certificate.

  • After that, copy the certificate to robot servers and install it there.

And that’s it.

6 Likes
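
A read-only way to confirm the first two steps above on the Orchestrator server, as an added example that is not part of the original post and is not UiPath code. The function name is hypothetical; the app pool identity and file path are the ones given in the post, and the script assumes an RSA key and an elevated PowerShell session.

```powershell
# Added example (hypothetical helper). Changes nothing; only reports state.
function Test-OrchestratorCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,   # thumbprint of the new certificate
        [string]$AppPoolIdentity = 'IIS APPPOOL\Identity',
        [string]$IdentityConfig  = 'C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json'
    )
    # Thumbprints copied from the certificate dialog often carry spaces; keep hex digits only.
    $tp   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $tp has no private key in this store." }

    # Locate the private key file on disk (CNG or legacy CSP storage).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw "Certificate $tp does not have an RSA private key." }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $keyName = $rsa.Key.UniqueName }
    else { $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyFile = Get-ChildItem -Path "$env:ProgramData\Microsoft\Crypto" -Recurse -Force `
                   -Filter $keyName -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $keyFile) { throw "Private key file '$keyName' not found under ProgramData." }

    # Step 1: does the app pool identity have an Allow entry with Read on the key file?
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $allow = (Get-Acl -Path $keyFile.FullName).Access | Where-Object {
        $_.IdentityReference.Value -eq $AppPoolIdentity -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $read) -eq $read)
    }

    # Step 2: does the Identity settings file mention the new thumbprint?
    # Plain text search, so no assumption is made about the JSON key names.
    $inConfig = (Get-Content -Path $IdentityConfig -Raw) -match [regex]::Escape($tp)

    [pscustomobject]@{
        Subject                    = $cert.Subject
        NotAfter                   = $cert.NotAfter
        Expired                    = $cert.NotAfter -lt (Get-Date)
        PrivateKeyFile             = $keyFile.FullName
        AppPoolCanReadKey          = [bool]$allow
        ThumbprintInIdentityConfig = $inConfig
    }
}

# Usage: Test-OrchestratorCertificate -Thumbprint '<new certificate thumbprint>'
```

If `AppPoolCanReadKey` or `ThumbprintInIdentityConfig` comes back `False`, the corresponding step from the post has not taken effect on this server.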

Thanks a lot, Omar. Your post helped me get my issue fixed after running around for a good two days. Can’t thank you enough. My sincere gratitude.

1 Like

I do not agree with the method of using the certificate and sharing the private keys / updating the JSON file. This seems to go against the best practice of a webserver and its configuration. I would like to understand more about the reasoning behind it.

Supposedly our certificate is a signed certificate within our environment and should not require any other actions to let it propagate to its clients. Updating the .JSON file seems a bit of manual work for a certificate that might change often. I am not too sure about the permission for the private keys.

I would like to know what the best practice is, as per UiPath, for updating/renewing self-signed Orchestrator certificates.

Check this documentation: https://docs.uipath.com/installation-and-upgrade/docs/using-a-certificate-for-the-https-protocol

I have met the same problem; following this doc solved the problem: Knowledge: Changing The SSL Certificate For UiPath Orchestrator Website (force.com)