Create a Control Room Certificate on Windows

Create the Certificate

Watch this YouTube video from 0:30 to 3:47. Here are the written instructions:

  • Open PowerShell

  • Verify you have the PKI (Public Key Infrastructure) module by making sure the following command returns similar output:

    $ Get-Command -Module PKI
     CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------ 
    Cmdlet          Add-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
    Cmdlet          Export-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Export-PfxCertificate                              1.0.0.0    PKI    
    Cmdlet          Get-Certificate                                    1.0.0.0    PKI    
    Cmdlet          Get-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
    Cmdlet          Get-CertificateEnrollmentPolicyServer              1.0.0.0    PKI    
    Cmdlet          Get-CertificateNotificationTask                    1.0.0.0    PKI    
    Cmdlet          Get-PfxData                                        1.0.0.0    PKI    
    Cmdlet          Import-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Import-PfxCertificate                              1.0.0.0    PKI    
    Cmdlet          New-CertificateNotificationTask                    1.0.0.0    PKI    
    Cmdlet          New-SelfSignedCertificate                          1.0.0.0    PKI    
    Cmdlet          Remove-CertificateEnrollmentPolicyServer           1.0.0.0    PKI    
    Cmdlet          Remove-CertificateNotificationTask                 1.0.0.0    PKI    
    Cmdlet          Set-CertificateAutoEnrollmentPolicy                1.0.0.0    PKI    
    Cmdlet          Switch-Certificate                                 1.0.0.0    PKI    
    Cmdlet          Test-Certificate                                   1.0.0.0    PKI 
  • Create the certificate for you domain name (replace DOMAIN_NAME with your actual domain name, e.g. my-controlroom.eastus.cloudapp.azure.com):

    New-SelfSignedCertificate -Subject "CN=DOMAIN_NAME" -FriendlyName "DOMAIN_NAME" -DnsName "DOMAIN_NAME" -NotAfter (Get-Date).AddMonths(36) -CertStoreLocation cert:\\LocalMachine\\My
  • Open MMC (Microsoft Management Console) with the following command:

    mmc
  • Find the newly created certificate in MMC (easiest to follow along in YouTube video):

    • File > Add/Remove Snap-in… > Certificates > Add > Computer account > Next > Local computer > Finish > OK

    • Certificates (Local Computer) > Personal > Certificates > YOUR_CERTIFICATE

  • Export the certificate to a file:

    • Right click on your cert > All Tasks > Export

    • From the “Certificate Export Wizard”

      • Yes, export the private key

      • Check “Include all certificates in the certification path if possible”

      • Uncheck “Enable certificate privacy”

      • Set password (anything should be fine)

      • File can go anywhere you want

      • Finish

Set the Certificate on the Server

See official Automation Anywhere source documentation.

  • Open PowerShell in administrator mode

  • Navigate to your AA installation path, probably C:\Program Files\Automation Anywhere\Automation360

    cd "C:\Program Files\Automation Anywhere\Automation360"
  • Run the following command (replace AA_INSTALLATION_PATH with the AA path from the last step, PFX_FILE_PATH with the file path set above and PASSWORD with the password set above):

    jdk11\\bin\\java -jar certmgr.jar -appDir "AA_INSTALLATION_PATH" -setServerCert "PFX_FILE_PATH" -privateKeyPass PASSWORD
  • Restart the “Automation Anywhere Control Room Reverse Proxy” service (see here)

  • Navigate to your Control Room URL (on any machine) and notice it’s using the new certificate. However, it’s still not trusted. See the next section to trust it.

Last updated

Was this helpful?