Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Configure application Transport Layer Security

  • Updated: 6/22/2021
    • Automation 360 v.x
    • Install
    • RPA Workspace

Configure application Transport Layer Security

Use the Transport Layer Security (TLS) configuration wizard page from the Automation 360 installer to generate a self-signed certificate or import a security certificate to set up a highly secure Control Room instance.

All Automation Anywhere components should be secured with TLS 1.2 encryption. Automation Anywhere leverages TLS 1.2 encryption for HTTPS and TCP communications between our components. The TLS certificates are installed on the Automation Anywhere Control Room and IQ Bot servers. The certificates are installed in .PFX format and leveraged for communications.

Note: If your load balancer uses HTTP to forward traffic to the Control Room, do not use the Enable Force HTTP traffic to HTTPS option. We recommend that you use HTTPS to forward the load balancer traffic for enhanced security instead.

Procedure

  1. In the TLS Configuration page, configure the following:
    • Generate a Self-Signed Certificate

      Enabling the Self-Signed Certificate option allows the installer to generate a unique private key and a self-signed certificate for the Control Room.

    • Import a Certificate

      To import a custom certificate, clear the Self Signed Certificate check box. This setting allows you to import a certificate using the Certificate Path field.

      Note: The certificate file must be a PKCS12 format.
      Provide the following information:
      • Certificate Path: Click Browse to import the certificate.
      • Private Key Password: Enter the password for the private key.
        Password limitation: Do not use the at sign (@) in passwords. Using the special character @ in the password causes the certificate file import to fail.
      • Webserver Port: Enter the web server port – either HTTP or HTTPS. If the port is already assigned, an error message is displayed.
        Attention: The port validation message is also displayed when you add 8080 for the web server and if that port is already in use for a Control Room license service. Use a different unassigned port in these cases.
      • Enable Force HTTP traffic to HTTPS: This option redirects all HTTP port requests to HTTPS. To access to the Control Room through HTTPS using the generated self-signed certificate, ensure the port numbers are different for HTTP and HTTPS.
        To generate a custom certificate for HTTPS, ensure your custom certificate meets the following:
        • Create a .pfx certificate with a pass code from a CA trusted authority.
        • Combine Root, Intermediate, and Machine level certificates into a single certificate.
        • Use the format [WS Machine Host Name].[DomainName].com for the private key.
        • Include the host name as a fully qualified domain name (FQDN) in the certificate.

          You provide the host name during Control Room installation.

        • In multi-node HA clusters, issue certificates to the load balancer DNS name.
        • Add individual URLs, which require access to all nodes, to the Subject Alternative Name field in the certificate.

        For more information, see Automation Anywhere support site: Automation 360 On-Premises prerequisites (A-People login required).

  2. Click Next to configure service credentials.
Send Feedback