# Create a Control Room Certificate on Windows

## Create the Certificate

Watch this [YouTube video](https://youtu.be/LSP4wZfi-i8) from 0:30 to 3:47. Here are the written instructions:

* Open PowerShell
* Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

  ```
  $ Get-Command -Module PKI
  CommandType     Name                                               Version    Source
  -----------     ----                                               -------    ------ 
  Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
  Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
  Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
  Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
  Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
  Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
  Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
  Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
  Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
  Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
  Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
  Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
  Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
  Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Test-Certificate                                   1.0.0.0    PKI 
  ```
* Create the certificate for your domain name (replace `DOMAIN_NAME` with your actual domain name, e.g. `my-controlroom.eastus.cloudapp.azure.com`):

  ```
  New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\LocalMachine\My
  ```
* Open MMC (Microsoft Management Console) with the following command:

  ```
  mmc
  ```
* Find the newly created certificate in MMC (easiest to follow along in the YouTube video):
  * File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK
  * Certificates (Local Computer) > Personal > Certificates > YOUR\_CERTIFICATE
* Export the certificate to a file:
  * Right click on your cert > All Tasks > Export
  * From the “Certificate Export Wizard”
    * Yes, export the private key
    * Check “Include all certificates in the certification path if possible”
    * Uncheck “Enable certificate privacy”
    * Set a password (anything should be fine; it is used in the next section as `PASSWORD`)
    * File can go anywhere you want (used in the next step as `PFX_FILE_PATH`)
    * Finish
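The create and export steps above can also be scripted with the `Export-PfxCertificate` and `Get-PfxData` cmdlets from the same PKI module. This is an added example, not part of the original instructions or of Automation Anywhere's documentation; it assumes an elevated PowerShell session (needed to write to the `LocalMachine` store), and `$domain` and `$pfxPath` are placeholders.

```powershell
# Added example: scripted equivalent of the New-SelfSignedCertificate and MMC export steps.
$domain  = 'DOMAIN_NAME'                          # placeholder: your Control Room domain name
$pfxPath = Join-Path $env:TEMP 'controlroom.pfx'  # assumption: any writable path (PFX_FILE_PATH)

# Prompt for the PFX password so it is not stored in the script or the command history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Same parameters as the command above; keep the returned object for its thumbprint.
$certParams = @{
    Subject           = "CN=$domain"
    FriendlyName      = $domain
    DnsName           = $domain
    NotAfter          = (Get-Date).AddMonths(36)
    CertStoreLocation = 'Cert:\LocalMachine\My'
}
$cert = New-SelfSignedCertificate @certParams

if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; the export would be unusable."
}

# Export the certificate with its private key. BuildChain corresponds to
# "Include all certificates in the certification path if possible" in the wizard.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword -ChainOption BuildChain |
    Out-Null

# Read the PFX back with the same password to confirm that it opens
# and contains the certificate that was just created.
$pfx      = Get-PfxData -FilePath $pfxPath -Password $pfxPassword
$exported = $pfx.EndEntityCertificates | Where-Object Thumbprint -eq $cert.Thumbprint
if (-not $exported) {
    throw "Exported PFX does not contain certificate $($cert.Thumbprint)."
}

# Summary to keep for the next section (the thumbprint identifies the certificate later).
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PfxFile    = $pfxPath
}
```

The PFX file holds the server's private key, so remove it or restrict its file permissions once the import in the next section has succeeded.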

## Set the Certificate on the Server

See [official Automation Anywhere source documentation](https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/deployment-planning/on-prem-install/cloud-config-control-room-https-import-cert.html).

* Open PowerShell in administrator mode
* Navigate to your AA installation path, probably `C:\Program Files\Automation Anywhere\Automation360`

  ```
  cd "C:\Program Files\Automation Anywhere\Automation360"
  ```
* Run the following command (replace `AA_INSTALLATION_PATH` with the AA path from the last step, `PFX_FILE_PATH` with the file path set above and `PASSWORD` with the password set above):

  ```
  jdk11\bin\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD
  ```
* Restart the “Automation Anywhere Control Room Reverse Proxy” service (see [here](https://kb.wisc.edu/helpdesk/page.php?id=36667))
* Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.
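To confirm from PowerShell that the Control Room is serving the certificate you created, rather than judging by the browser alone, compare thumbprints. This is an added example, not part of the original instructions; `DOMAIN_NAME` and `EXPECTED_THUMBPRINT` are placeholders (the thumbprint is printed by `New-SelfSignedCertificate` and shown in MMC), and port 443 is an assumption.

```powershell
# Added example: check that the served certificate is the one that was imported.
$hostName = 'DOMAIN_NAME'           # placeholder: your Control Room host name
$port     = 443                     # assumption: HTTPS on the default port
$expected = 'EXPECTED_THUMBPRINT'   # placeholder: thumbprint of the certificate you created

$tcp = New-Object System.Net.Sockets.TcpClient($hostName, $port)
try {
    # The callback accepts any certificate because the self-signed one is not trusted
    # on this machine yet. The connection is used only to read the certificate.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)

    # Request TLS 1.2 explicitly so older .NET Framework defaults do not apply.
    $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
    $ssl.AuthenticateAsClient($hostName, $null, $tls12, $false)

    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Thumbprints copied from MMC may contain spaces or lower-case hex; normalise first.
$normalised = $expected.Replace(' ', '').ToUpperInvariant()

$result = [pscustomobject]@{
    Subject        = $served.Subject
    Thumbprint     = $served.Thumbprint
    NotAfter       = $served.NotAfter
    MatchesCreated = ($served.Thumbprint -eq $normalised)
}
$result

if (-not $result.MatchesCreated) {
    Write-Warning "Served thumbprint $($served.Thumbprint) differs from the expected one; check that the import ran and the reverse proxy service was restarted."
}
```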

## Trust the Certificate on the Client

See [official Automation Anywhere source documentation](https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/deployment-planning/on-prem-install/cr-self-signed-certificate-java-credential-store.html).

