Import HTTPS SSL, intermediate, and CA certificates

After you install the Control Room for an On-Premises deployments, you can use the Windows or Linux command prompt to import all or some of these certificate:

  • HTTPS SSL
  • Intermediate
  • Certificate Authority (CA)
You can import HTTPS SSL, intermediate, and CA certificates in the following scenarios:
  • When you switch the Control Room from HTTP to HTTPS after Automation 360 is installed.
  • The certificates have expired and must be reinstalled.

    For example, when you add a new server.

  • When there is an issue with the CA certificate, due to which a 0 KB certificate is installed in the installation directory.

These instructions apply to both Windows and Linux installations.

Procedure

To import an HTTPS SSL, intermediate, or CA certificate to configure the Control Room for secure connection using the command prompt, perform the following steps:

  1. Run the command prompt in administrator mode.
  2. Navigate to the Automation Anywhere installation path.
    The default installation path for Windows is C:\Program Files\Automation Anywhere\Automation360.
    The default installation path for Linux is /opt/automationanywhere/enterprise
  3. Enter or paste the following at the command prompt:
    • For Windows, if only server certificate is required or if the intermediate certificates are required and all certificates are in a single file (single file with certificate chain), then enter the command:
      jdk11\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Automation360" -setServerCert "C:\Users\cradmin\Desktop\test_automationanywhere_com.pfx" -privateKeyPass <PFX Password>
    • For Windows, if intermediate certificates are required and the server certificate file does not contain any intermediate certificates, then copy all the intermediate certificates to a directory on your device and use the directory path in the following command. Enter the command only after you have updated it with the required values:
      jdk11\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Automation360" -setServerCert "<path to P12/PKCS12 certificate file>" -privateKeyPass <cert file password> -intermediateCertDir "<path to unzipped certs directory>"
      Note:
      • Importing intermediate certificate is supported on Windows only.
      • Password protected intermediate certificates are not supported.
    • For Windows CA certificate, enter the command:
      jdk11\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Automation360" -importTrustCert "D:\<user name>\My Downloads\CA31.cer"
    • For Linux CentOS HTTPS SSL certificate, enter the command:
      jdk11/bin/java -jar certmgr.jar -appDir "/opt/automationanywhere/enterprise" -setServerCert "/home/<user>/test_automationanywhere_com.pfx" -privateKeyPass <PFX Password>
    • For Linux CentOS CA certificate, enter the command:
      jdk11/bin/java -jar certmgr.jar -appDir 
                        "/opt/automationanywhere/enterprise" 
                        -importTrustCert "CA31.cer"
  4. Restart the Control Room Reverse Proxy Service to view the imported certificates.
  5. During the installation, if you did not accept the default and indicated you want to upload your own (self-signed) certificate, add the following parameters to the boot.db.properties file that is located in the config folder, in the Automation Anywhere installation path.
    • Windows file location:

      root:\Program Files\Automation Anywhere\config\boot.db.properties

    • Linux file location:

      /opt/automationanywhere/enterprise/config/boot.db.properties

    Parameter:

    trustServerCertificate=false