Create a Control Room Certificate on Windows

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

  • Open PowerShell

  • Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

    $ Get-Command -Module PKI
     CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------ 
    Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
    Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
    Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
    Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
    Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
    Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
    Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
    Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
    Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
    Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
    Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
    Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
    Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
    Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Test-Certificate                                   1.0.0.0    PKI 
  • Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

    New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My
  • Open MMC (Microsoft Management Console) with the following command:

    mmc
  • Find the newly created certificate in MMC (easiest to follow along in YouTube video):

    • File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK

    • Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE

  • Export the certificate to a file:

    • Right click on your cert > All Tasks > Export

    • From the β€œCertificate Export Wizard”

      • Yes, export the private key

      • Check β€œInclude all certificates in the certification path if possible”

      • Uncheck β€œEnable certificate privacy”

      • Set password (anything should be fine)

      • File can go anywhere you want

      • Finish

Set the Certificate on the Server

See official Automation Anywhere source documentation.

  • Open PowerShell in administrator mode

  • Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360

    cd "C:\Program Files\Automation Anywhere\Automation360"
  • Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):

    jdk11\\bin\\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD
  • Restart the β€œAutomation Anywhere Control Room Reverse Proxy” service (see here)

  • Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.

Last updated