Create a Control Room Certificate on Windows

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

• Open PowerShell

• Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

  Copy

  $ Get-Command -Module PKI
   CommandType     Name                                               Version    Source
  -----------     ----                                               -------    ------ 
  Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
  Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
  Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
  Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
  Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
  Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
  Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
  Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
  Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
  Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
  Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
  Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
  Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
  Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
  Cmdlet          Test-Certificate                                   1.0.0.0    PKI 

• Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

  Copy

  New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My

• Open MMC (Microsoft Management Console) with the following command:

  Copy

  mmc

• Find the newly created certificate in MMC (easiest to follow along in YouTube video):

  • File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK

  • Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE

• Export the certificate to a file:

  • Right click on your cert > All Tasks > Export

  • From the “Certificate Export Wizard”

    • Yes, export the private key

    • Check “Include all certificates in the certification path if possible”

    • Uncheck “Enable certificate privacy”

    • Set password (anything should be fine)

    • File can go anywhere you want (used in the next step as PFX_FILE_PATH)

    • Finish

Set the Certificate on the Server

See official Automation Anywhere source documentation.

• Open PowerShell in administrator mode

• Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360

• Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):

• Restart the “Automation Anywhere Control Room Reverse Proxy” service (see here)

• Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.

Trust the Certificate on the Client

See official Automation Anywhere source documentation.