Reinstalling HTTPS SSL certificate on expiry

Reinstall HTTPs SSL certificate when your HTTPS SSL certificate expires.

The HTTPS SSL certificate is required for secure and encrypted communication between your browser and IQ Bot, to protect highly confidential online transactions, for example, online financial and shopping transactions. The padlock icon on your browser indicates that you have an active secure connection.

To enable a secure connection, get the HTTPS SSL certificate as follows:

  1. Go to %installation_dir%\Configurations and as an administrator, run stopanduninstallallservices.bat.
    Note: In a cluster installation, stop the services on each of the nodes for IQ Bot and Control Room cluster.
  2. Go to %installation_dir%\Portal\keys and make a backup of the cert.crt, key.key, and ca.crt files.
  3. Convert the .pfx file of the IQ Bot certificate to .crt and .key formats by running the following commands:
    • Extract an encrypted key from .pfx file.
      openssl.exe pkcs12 -in "path_to_cert\example.pfx" -nocerts -out
      "path_to_cert\example encp.key" 
      Note: If the .pfx file is password protected, you need to enter the pass phrase when prompted.
    • Convert an encrypted key to a readable format.
      openssl.exe rsa -in "path_to_cert\example encp.key" -out "path_to_cert\key.key"
      This command converts encrypted key to a readable format.
    • Convert the .pfx file to .crt format.
      openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out
      "path_to_cert\cert.crt"
    • Fetch the ca.crt file from the Control Room certifcate (.pfx) file only if the Control Room certificate also expires.
      openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
  4. Copy or replace the cert.crt, and key.key (generated in the previous step), and the ca.cert (generated using the Control Room certificate .pfx file ) to the %installation_dir%\Portal\keys folder.
  5. Import the IQ Bot public certificate into the Java Key store for IQ Bot by running this command as a system administrator:
     
    "JRE Location\bin\keytool.exe" -import -alias iqbot -keystore "cacerts location of iq bot" -file " iq bot public certificate file"

    Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt

  6. To import the IQ Bot public certificate into Control Room, go to the Control Room installation path, such as: C:\Program Files\Automation Anywhere\Enterprise, and run the following command as a system administrator: jre\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Enterprise" -importTrustCert "C:\Certificate\cert.crt".

    For Automation 360 IQ Bot , use the following path: jrk\bin\java -jar certmgr.jar -appDir "C:\Program Files\Automation Anywhere\Enterprise" -importTrustCert "C:\Certificate\cert.crt".

  7. After importing the certificates, restart the Control Room and IQ Bot servers.

    This refreshes the system caches.

  8. On the IQ Bot server, go to %installation_dir%\Configurations and as an administrator, run installandstartallservices.bat.

If the Control Room certificate expires

  1. Follow the steps: Import Control Room HTTPS and CA certificates
  2. Convert .pfx to .crt format.openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt".
  3. Fetch the ca.crt file from the Control Room certificate (.pfx) file.openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
  4. Copy or replace the ca.cert to the keys folder in IQ Bot.
  5. Import the Control Room public certificate into Java Key store for IQ Bot by running this command as a system administrator: "JRE Location\bin\keytool.exe" -import -alias cr -keystore "cacerts location of iq bot" -file "control room public certificate file".

    Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt

Note: To change the Control Room certificate, follow steps here: Import Control Room HTTPS and CA certificates