Reinstalling HTTPS SSL certificate for secure communication when it expires
- Updated: 2025/05/05
Reinstall HTTPs SSL certificate in Automation 360 IQ Bot when your HTTPS SSL certificate expires.
To enable a secure connection, get the HTTPS SSL certificate as follows:
- Go to %installation_dir%\Configurations and as an
administrator, run stopanduninstallallservices.bat.
Note: In a cluster installation, stop the services on each of the nodes for IQ Bot and Control Room cluster.
- Go to %installation_dir%\Portal\keys and make a backup of the cert.crt, key.key, and ca.crt files.
- Convert the .pfx file of the IQ Bot
certificate to .crt and .key formats
by running the following commands:
- Extract an encrypted key from .pfx file.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -nocerts -out "path_to_cert\example encp.key"Note: If the .pfx file is password protected, you need to enter the pass phrase when prompted. - Convert an encrypted key to a readable
format.
openssl.exe rsa -in "path_to_cert\example encp.key" -out "path_to_cert\key.key" This command converts encrypted key to a readable format. - Convert the .pfx file to .crt
format.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt" - Fetch the ca.crt file from the Control Room certifcate (.pfx) file only
if the Control Room certificate also
expires.
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
- Extract an encrypted key from .pfx file.
- Copy or replace the cert.crt, and key.key (generated in the previous step), and the ca.cert (generated using the Control Room certificate .pfx file ) to the %installation_dir%\Portal\keys folder.
- To import the IQ Bot public certificate into the Java Key store for
IQ Bot, go to C:\Program Files (x86)\Automation 360
IQ Bot\JRE\zulu11\bin and run the following command as a system administrator:
"JRE Location\bin\keytool.exe" -import -alias iqbot-keystore "cacerts location of iq bot" -file " iq bot public certificate file"Example: C:\Program Files (x86)\Automation 360 IQ Bot\JRE\zulu11\bin\keytool.exe -import -alias iqbot-keystore -keystore "C:\Program Files (x86)\Automation 360 IQ Bot\JRE\zulu11\lib\security\cacerts" -file "C:\Certificate\cert.crt"
- To import the IQ Bot public
certificate into Control Room, go to the Control Room installation path, such as C:\Program
Files\Automation Anywhere\Automation360\jdk11\bin, and run the
following command as system administrator:
java.exe -jar "C:\Program Files\Automation Anywhere\Automation360\certmgr.jar" -appDir "C:\Program Files\Automation Anywhere\Automation360" -importTrustCert "C:\Certificate\cert.crt"
- After importing the certificates, restart the Control
Room and IQ Bot servers.
This refreshes the system caches.
- On IQ Bot Server, go to %installation_dir%\Configurations and as an administrator, run installandstartallservices.bat.
If the Control Room certificate expires
- Follow the steps: Import HTTPS and CA certificates
- Convert .pfx to .crt format.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt". - Fetch the ca.crt file from the Control Room certificate (.pfx)
file.
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt> - Copy or replace the ca.cert to the keys folder in IQ Bot.
- Import the Control Room public certificate into
Java Key store for IQ Bot by running this command as a system
administrator:
"JRE Location\bin\keytool.exe" -import -alias cr -keystore "cacerts location of iq bot" -file "control room public certificate file".If you encounter an error while importing the IQ Bot public certificate (cert.crt) in the Control Room, see A360 IQBot | Public Certification Installation Issue during bundle process.
Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt