AI Center

2021.10

false

Getting Started
- About this guide
- About Installation
  - Supported Use Cases for Single-node and Multi-node Installations
  - Downloading Installation Packages
Network Requirements
- Requirements
Single-Node Requirements and Installation
- Requirements
- Configuring the machines
- Configuring the DNS
- Configuring MS SQL Server
- Configuring the Certificates
- Configuring Orchestrator
- Online Single-node Installation
  - Procedure
- Offline Single-node Installation
  - Procedure
Multi-Node Requirements and Installation
Post-installation
- Overview
Provisioning a GPU
- Provisioning a GPU
Using the Configuration File
- About the Configuration File
Node Scheduling
- Manage Node Scheduling
Migration and Upgrade
- Migrating to the Standalone or Automation Suite Environment
- Upgrading AI Center
Basic Troubleshooting Guide
- General AI Center Troubleshooting and FAQs
- AI Center™ Standalone Troubleshooting

AI Center Installation Guide

Last updated Mar 11, 2024

Configuring the Certificates

Certificate Requirements

AI Center™ requires the following certificate at the time of installation:

Server certificate — required for TLS communication between the client and the cluster;

Note: The installation process generates self-signed certificates on your behalf, but we recommend updating these with certificates signed by a trusted certificate authority as soon as installation completes.

Server Certificate Requirements

The server certificate must meet the following requirements:

File format should be .pem, i.e., Base64 encoded DER certificate;
Private key length should be at least 2048;
Extended Key Usage: TLS Web Server Authentication; required for accessing Automation Suite on iOS devices;
Should have Subject Alternative Name for all the DNS entries required for installing Automation Suite. If the FQDN for the cluster is automationsuite.mycompany.com, the certificate SAN should have the following DNS:
- automationsuite.mycompany.com
- *.automationsuite.mycompany.com
  Note: Alternatively if the * wildcard is too generic, make sure you have SAN entries for the following DNS:
  - automationsuite.mycompany.com
  - alm.automationsuite.mycompany.com
  - monitoring.automationsuite.mycompany.com
  - registry.automationsuite.mycompany.com
  - objectstore.automationsuite.mycompany.com
  - insights.automationsuite.mycompany.com

Server Certificate Files

AI Center™ requires three files at the time of installation, as follows:

Server / TLS certificate file — the server’s public certificate file.
Server / TLS key file — private key file for the server certificate.
Certificate Authority Bundle — this is the Public Certificate of CA which is used to sign or issue the server certificate.

Configuring the Certificates

We generate certificates on your behalf at installation time, so no configuration is needed.

They have a 90-day lifecycle, so you need to update them within that time. However, we strongly recommend that you update those certificates as soon as installation completes.

Updating Cluster Certificates

Note:

We recommend that the certificates you bring are signed by a trusted certificate authority.

If the trusted certificate is not provided, then few additional steps are required for self-signed certificate to access Automation Suite.

The installation bundle provides a cluster management tool that enables you to update certificates post installation.

In order to access, make sure you navigate to the location where the installer bundle is located:

cd ~/UiPathAutomationSuite/cd ~/UiPathAutomationSuite/

Run the configureUiPathAS.sh script to update the certificate as shown in the following section.

Updating the TLS certificate

You need to specify the absolute path to each of the following three certificate files. All the certificate file should be in .pem format.

Certificate Authority Bundle — This bundle should contain the certificate which is used to sign the tls server certificate.
Server Certificate — Public server certificate
Private key — Private key for server certificate

You also need the cluster FQDN as an input.

sudo ./configureUiPathAS.sh tls-cert update --ca-cert-file /path/to/cacert --tls-cert-file /path/to/tlscert --tls-key-file /path/to/tlskey --fqdn <cluster_fqdn>sudo ./configureUiPathAS.sh tls-cert update --ca-cert-file /path/to/cacert --tls-cert-file /path/to/tlscert --tls-key-file /path/to/tlskey --fqdn <cluster_fqdn>

Certificate files are stored in location /directory/path/to/store/certificate.

Accessing the TLS certificate

To print out the certificate files, run the following command, specifying the directory where certificates are stored.

sudo ./configureUiPathAS.sh tls-cert get --outpath /directory/path/to/store/certificatesudo ./configureUiPathAS.sh tls-cert get --outpath /directory/path/to/store/certificate

Accessing a Cluster That Uses Self-signed Certificates

If you are using self-signed certificate, take the following steps to access the cluster:

You need to add CA (Certificate Authority) Bundle certificate to the trust store for the following:

Client machine
- Machine on which robot is will run
- Machine on which you will access Automation Suite from the browser.
First server machine (requirement for airgapped)
- Machine on which airgapped bundle will be downloaded and extracted.

Use the following command to add the certificate to the trust store of the RHEL machine.

sudo cp --remove-destination rootCA.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trustsudo cp --remove-destination rootCA.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

On this page

Certificate Requirements
Server Certificate Requirements
Server Certificate Files
Configuring the Certificates
Updating Cluster Certificates
Accessing a Cluster That Uses Self-signed Certificates

Was this page helpful?

PREVIOUSConfiguring MS SQL Server

NEXTConfiguring Orchestrator

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy