Reinstalling HTTPS SSL certificate on expiry
- Updated: 2024/01/31
Reinstalling HTTPS SSL certificate on expiry
Reinstall HTTPs SSL certificate when your HTTPS SSL certificate expires.
The HTTPS SSL certificate is required for secure and encrypted communication between your browser and IQ Bot, to protect highly confidential online transactions, for example, online financial and shopping transactions. The padlock icon on your browser indicates that you have an active secure connection.
To enable a secure connection, get the HTTPS SSL certificate as follows:
- Go to %installation_dir%\Configurations and as an
administrator, run stopanduninstallallservices.bat.
Note: In a cluster installation, stop the services on each of the nodes for IQ Bot and Control Room cluster.
- Go to %installation_dir%\Portal\keys and make a backup of the cert.crt, key.key, and ca.crt files.
- Convert the .pfx file of the IQ Bot
certificate to .crt and .key formats
by running the following commands:
- Extract an encrypted key from .pfx file.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -nocerts -out "path_to_cert\example encp.key"
Note: If the .pfx file is password protected, you need to enter the pass phrase when prompted. - Convert an encrypted key to a readable
format.
openssl.exe rsa -in "path_to_cert\example encp.key" -out "path_to_cert\key.key" This command converts encrypted key to a readable format.
- Convert the .pfx file to .crt
format.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt"
- Fetch the ca.crt file from the Control Room certifcate (.pfx) file only
if the Control Room certificate also
expires.
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
- Extract an encrypted key from .pfx file.
- Copy or replace the cert.crt, and key.key (generated in the previous step), and the ca.cert (generated using the Control Room certificate .pfx file ) to the %installation_dir%\Portal\keys folder.
- Import the IQ Bot public certificate into the Java Key store for
IQ Bot by running this command as a system administrator:
"JRE Location\bin\keytool.exe" -import -alias iqbot -keystore "cacerts location of iq bot" -file " iq bot public certificate file"
Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt
- To import the IQ Bot public certificate into Control Room, go to the Control Room installation
path, such as: C:\Program Files\Automation
Anywhere\Enterprise, and run the following command as a system
administrator: jre\bin\java -jar certmgr.jar -appDir "C:\Program
Files\Automation Anywhere\Enterprise" -importTrustCert
"C:\Certificate\cert.crt".
For Automation 360 IQ Bot , use the following path: jrk\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Enterprise" -importTrustCert "C:\Certificate\cert.crt".
- After importing the certificates, restart the Control
Room and IQ Bot servers.
This refreshes the system caches.
- On the IQ Bot server, go to %installation_dir%\Configurations and as an administrator, run installandstartallservices.bat.
If the Control Room certificate expires
- Follow the steps: Import Control Room HTTPS and CA certificates
- Convert .pfx to .crt format.
openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt"
. - Fetch the ca.crt file from the Control Room certificate (.pfx)
file.
openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
- Copy or replace the ca.cert to the keys folder in IQ Bot.
- Import the Control Room public certificate
into Java Key store for IQ Bot by running this command as a
system administrator:
"JRE Location\bin\keytool.exe" -import -alias cr -keystore "cacerts location of iq bot" -file "control room public certificate file"
.Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt