Reinstalling HTTPS SSL certificate for secure communication when it expires

Reinstall HTTPs SSL certificate in Automation 360 IQ Bot when your HTTPS SSL certificate expires.

The HTTPS SSL certificate is required for secure and encrypted communication between your browser and IQ Bot, to protect highly confidential online transactions, for example, online financial and shopping transactions. The padlock icon on your browser indicates that you have an active secure connection.

To enable a secure connection, get the HTTPS SSL certificate as follows:

  1. Go to %installation_dir%\Configurations and as an administrator, run stopanduninstallallservices.bat.
    Note: In a cluster installation, stop the services on each of the nodes for IQ Bot and Control Room cluster.
  2. Go to %installation_dir%\Portal\keys and make a backup of the cert.crt, key.key, and ca.crt files.
  3. Convert the .pfx file of the IQ Bot certificate to .crt and .key formats by running the following commands:
    • Extract an encrypted key from .pfx file.
      openssl.exe pkcs12 -in "path_to_cert\example.pfx" -nocerts -out
      "path_to_cert\example encp.key" 
      Note: If the .pfx file is password protected, you need to enter the pass phrase when prompted.
    • Convert an encrypted key to a readable format.
      openssl.exe rsa -in "path_to_cert\example encp.key" -out "path_to_cert\key.key"
      This command converts encrypted key to a readable format.
    • Convert the .pfx file to .crt format.
      openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out
      "path_to_cert\cert.crt"
    • Fetch the ca.crt file from the Control Room certifcate (.pfx) file only if the Control Room certificate also expires.
      openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
  4. Copy or replace the cert.crt, and key.key (generated in the previous step), and the ca.cert (generated using the Control Room certificate .pfx file ) to the %installation_dir%\Portal\keys folder.
  5. To import the IQ Bot public certificate into the Java Key store for IQ Bot, go to C:\Program Files (x86)\Automation 360 IQ Bot\JRE\zulu11\bin and run the following command as a system administrator:
     
    "JRE Location\bin\keytool.exe" -import -alias iqbot-keystore "cacerts location of iq bot" -file " iq bot public certificate file"

    Example: C:\Program Files (x86)\Automation 360 IQ Bot\JRE\zulu11\bin\keytool.exe -import -alias cr -keystore "C:\Program Files (x86)\Automation 360 IQ Bot\JRE\zulu11\lib\security\cacerts" -file "C:\Certificate\cert.crt"

  6. To import the IQ Bot public certificate into Control Room, go to the Control Room installation path, such as C:\Program Files\Automation Anywhere\Automation360\jdk11\bin, and run the following command as system administrator:

    java.exe -jar "C:\Program Files\Automation Anywhere\Automation360\certmgr.jar" -appDir "C:\Program Files\Automation Anywhere\Automation360" -importTrustCert "C:\Certificate\cert.crt"

  7. After importing the certificates, restart the Control Room and IQ Bot servers.

    This refreshes the system caches.

  8. On IQ Bot Server, go to %installation_dir%\Configurations and as an administrator, run installandstartallservices.bat.

If the Control Room certificate expires

  1. Follow the steps: Import HTTPS and CA certificates
  2. Convert .pfx to .crt format.openssl.exe pkcs12 -in "path_to_cert\example.pfx" -clcerts -nokeys -out "path_to_cert\cert.crt".
  3. Fetch the ca.crt file from the Control Room certificate (.pfx) file.openssl pkcs12 -in <filename.pfx> -cacerts -nokeys -chain -out <ca.crt>
  4. Copy or replace the ca.cert to the keys folder in IQ Bot.
  5. Import the Control Room public certificate into Java Key store for IQ Bot by running this command as a system administrator: "JRE Location\bin\keytool.exe" -import -alias cr -keystore "cacerts location of iq bot" -file "control room public certificate file".

    If you encounter an error while importing the IQ Bot public certificate (cert.crt) in the Control Room, see A360 IQBot | Public Certification Installation Issue during bundle process.

    Example: C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\bin\keytool.exe" -import -alias cr -keystore "C:\Program Files (x86)\Automation Anywhere IQ Bot <version number>\JRE\1.8.0_161\lib\security\cacerts" -file "C:\Certificate\cert.crt

Note: To change the Control Room certificate, follow steps here: Import HTTPS and CA certificates