Update/Renew Orchestrator Certificate Post Tasks

I would like to share one of the problems that occurred in my on-prem UiPath platform.
Our certificate has expired and needs to be renewed or replaced.
After creating a new self-signed certificate from IIS, I started getting the problems below:

  1. Orchestrator site failed to open with below error:
    {"message":"An error has occurred.","errorCode":0,"resourceIds":null}

  2. Robots cannot connect to the orchestrator, and if connected, below errors will be encountered:

  • Get Credential: You are not authenticated! Error code: 0
  • Cannot find some packages
  • etc

The solution is easy, as below:

  • After creating the new self-signed certificate, go to mmc → Local Computer → Personal certificates, find your certificate, right-click it and choose Manage Private Keys, then add a permission for “IIS APPPOOL\Identity”.

  • Go to “C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json” and update the thumbprint in this file by replacing it with the one from the new self-signed certificate.

  • After that, copy the certificate to the robot servers and install it there.

And that’s it.

8 Likes
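
A read-only check of the first two steps in the post above, as an added example that is not part of the original post or of UiPath's tooling. It finds every 40-hex-digit thumbprint in the Identity settings file, looks it up in the LocalMachine\My store, and reports expiry, private key presence and whether the pool account has an explicit read entry on the key file. Searching by regex rather than by JSON key name, and treating the key as an RSA key stored as a file, are assumptions of this example.

```powershell
# Added example (not UiPath code). Run elevated in Windows PowerShell 5.1 on the Orchestrator server.
$settingsPath = 'C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json' # from the post
$poolAccount  = 'IIS APPPOOL\Identity'                                                             # from the post

# Assumption: RSA key in a software key store, so the private key is a file under ProgramData.
function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) { return $null }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $name = $rsa.Key.UniqueName }
    else { $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    foreach ($dir in 'Keys', 'RSA\MachineKeys') {
        $path = Join-Path "$env:ProgramData\Microsoft\Crypto\$dir" $name
        if (Test-Path -LiteralPath $path) { return $path }
    }
    return $null
}

# Assumption: thumbprints appear in the file as 40 hex digits (SHA-1); key names are not relied on.
# Any other 40-hex-digit value in the file will simply show InStore = False.
$text   = Get-Content -LiteralPath $settingsPath -Raw
$thumbs = [regex]::Matches($text, '\b[0-9A-Fa-f]{40}\b') |
          ForEach-Object { $_.Value.ToUpperInvariant() } | Sort-Object -Unique
$read   = [System.Security.AccessControl.FileSystemRights]::Read

$report = foreach ($t in $thumbs) {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$t" -ErrorAction SilentlyContinue
    $row  = [ordered]@{ Thumbprint = $t; InStore = [bool]$cert; NotAfter = $null
                        Expired = $null; HasPrivateKey = $null; PoolCanRead = $null }
    if ($cert) {
        $row.NotAfter      = $cert.NotAfter
        $row.Expired       = $cert.NotAfter -lt (Get-Date)
        $row.HasPrivateKey = $cert.HasPrivateKey
        $keyFile = if ($cert.HasPrivateKey) { Get-PrivateKeyFile $cert }
        if ($keyFile) {
            # Only explicit Allow entries for the pool account count; access via groups is not resolved.
            $aces = (Get-Acl -LiteralPath $keyFile).Access | Where-Object {
                $_.IdentityReference.Value -eq $poolAccount -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $read) -eq $read }
            $row.PoolCanRead = [bool]$aces
        }
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize
```

A row with InStore = True, Expired = False, HasPrivateKey = True and PoolCanRead = True matches the state the steps above aim for; an empty PoolCanRead means the key file could not be located under the stated assumptions.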

Thanks a lot, Omar. Your post helped me get my issue fixed after running around for a good two days. Can’t thank you enough. My sincere gratitude.

1 Like

I do not agree with the method of using the certificate and sharing the private keys / updating the JSON file. This seems to go against the best practice of a webserver and its configuration. I would like to understand more about the reasoning behind it.

Supposedly our certificate is a signed certificate within our environment and should not require any other actions to let it propagate to its clients. Updating the .JSON file seems a bit of manual work for a certificate that might change often. I am not too sure about the permission for the private keys.

I would like to know what the best practice is, as per UiPath, for updating/renewing self-signed Orchestrator certificates.

Check this documentation: https://docs.uipath.com/installation-and-upgrade/docs/using-a-certificate-for-the-https-protocol

I have met the same problem; following this doc solved the problem: Knowledge: Changing The SSL Certificate For UiPath Orchestrator Website (force.com)

Hi Everyone,
I hope to seek some advice on this error that I encountered when renewing the cert on Orchestrator. I have installed the certs on the server. But when I run the following in PowerShell:
.\Platform.Configuration.Tool.ps1 -UpdateUiPathCertificate -SiteName "UiPath Orchestrator" -NewSSLThumbprint "Thumbprint of certificate" -NewTokenSigningThumbprint "Thumbprint of certificate"

I saw an error below.

I validated on IIS that the cert is bound and AppSetting.Production is updated, but Orchestrator is not accessible.

Please advise! Thanks in advance!

Open C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json
and validate the thumbprint! Is it similar to the one from the new certificate?

Hi Omar,
Yes, I checked that the thumbprint matches the thumbprint of the new cert.

Is there a need to redo from CSR? I am worried that it revokes our current active cert when the cert is being re-issued.