Create a Control Room Certificate on Windows

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

Open PowerShell

Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

$ Get-Command -Module PKI
 CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------ 
Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
Cmdlet          Test-Certificate                                   1.0.0.0    PKI

Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My

Open MMC (Microsoft Management Console) with the following command:
```
mmc
```
Find the newly created certificate in MMC (easiest to follow along in YouTube video):
- File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK
- Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE
Export the certificate to a file:
- Right click on your cert > All Tasks > Export
- From the “Certificate Export Wizard”
  - Yes, export the private key
  - Check “Include all certificates in the certification path if possible”
  - Uncheck “Enable certificate privacy”
  - Set password (anything should be fine)
  - File can go anywhere you want
  - Finish

Set the Certificate on the Server

See official Automation Anywhere source documentation.

Open PowerShell in administrator mode
Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360
```
cd "C:\Program Files\Automation Anywhere\Automation360"
```
Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):
```
jdk11\\bin\\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD
```
Restart the “Automation Anywhere Control Room Reverse Proxy” service (see here)
Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.

PreviousPoint PixieBrix Extension to Staging AuthConfig App NextGoogle Drive

Last updated 10 days ago