Create a Control Room Certificate on Windows

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

Open PowerShell

Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

$ Get-Command -Module PKI
 CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------ 
Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
Cmdlet          Test-Certificate                                   1.0.0.0    PKI

Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My

Open MMC (Microsoft Management Console) with the following command:
```
mmc
```
Find the newly created certificate in MMC (easiest to follow along in YouTube video):
- File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK
- Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE
Export the certificate to a file:
- Right click on your cert > All Tasks > Export
- From the “Certificate Export Wizard”
  - Yes, export the private key
  - Check “Include all certificates in the certification path if possible”
  - Uncheck “Enable certificate privacy”
  - Set password (anything should be fine)
  - File can go anywhere you want (used in the next step as PFX_FILE_PATH)
  - Finish

Set the Certificate on the Server

See official Automation Anywhere source documentation.

Open PowerShell in administrator mode
Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360
```
cd "C:\Program Files\Automation Anywhere\Automation360"
```
Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):
```
jdk11\\bin\\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD
```
Restart the “Automation Anywhere Control Room Reverse Proxy” service (see here)
Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.

Trust the Certificate on the Client

See official Automation Anywhere source documentation.

PreviousPoint PixieBrix Extension to Staging AuthConfig App NextGoogle Drive

Last updated 1 month ago

Was this helpful?

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

Open PowerShell

Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

$ Get-Command -Module PKI
 CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------ 
Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
Cmdlet          Test-Certificate                                   1.0.0.0    PKI

Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My

Open MMC (Microsoft Management Console) with the following command:

mmc

Find the newly created certificate in MMC (easiest to follow along in YouTube video):

File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK
Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE

Export the certificate to a file:

Right click on your cert > All Tasks > Export
From the “Certificate Export Wizard”
- Yes, export the private key
- Check “Include all certificates in the certification path if possible”
- Uncheck “Enable certificate privacy”
- Set password (anything should be fine)
- File can go anywhere you want (used in the next step as PFX_FILE_PATH)
- Finish

Set the Certificate on the Server

Open PowerShell in administrator mode

Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360

cd "C:\Program Files\Automation Anywhere\Automation360"

Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):

jdk11\\bin\\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD

Restart the “Automation Anywhere Control Room Reverse Proxy” service (see here)

Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.