AI Center Installation Guide
Last updated Jun 6, 2024

Configuring the certificates

For more information on how to configure the certificates, check the Configuring the certificates page from the Automation Suite guide.

Certificate requirements

AI Center requires the following certificate at the time of installation:

  • Server certificate — required for TLS communication between the client and the cluster;
Note: The installation process generates self-signed certificates on your behalf, but we recommend updating these with certificates signed by a trusted certificate authority as soon as installation completes.

Server certificate requirements

The server certificate must meet the following requirements:

  • File format should be .pem, i.e., Base64 encoded DER certificate;
  • Private key length should be at least 2048;
  • Extended Key Usage: TLS Web Server Authentication; required for accessing Automation Suite on iOS devices;
  • Should have Subject Alternative Name (SAN) entries for all the DNS names required for installing Automation Suite. If the FQDN for the cluster is automationsuite.mycompany.com, the certificate SAN should contain the following DNS names:
    • automationsuite.mycompany.com
    • *.automationsuite.mycompany.com
      Note: Alternatively, if the * wildcard is too generic, make sure you have SAN entries for the following DNS names:
      • automationsuite.mycompany.com
      • alm.automationsuite.mycompany.com
      • monitoring.automationsuite.mycompany.com
      • registry.automationsuite.mycompany.com
      • objectstore.automationsuite.mycompany.com
      • insights.automationsuite.mycompany.com

Server certificate files

AI Center requires three files at the time of installation, as follows:

  • Server / TLS certificate file — the server’s public certificate file.
  • Server / TLS key file — private key file for the server certificate.
  • Certificate Authority Bundle — the public certificate of the CA that signed or issued the server certificate.

Configuring the certificates

We generate certificates on your behalf at installation time, so no configuration is needed.

They have a 90-day lifecycle, so you need to update them within that time. However, we strongly recommend that you update those certificates as soon as installation completes.

Updating cluster certificates

Note:

We recommend that the certificates you bring are signed by a trusted certificate authority.

If a trusted certificate is not provided, a few additional steps are required to access Automation Suite with a self-signed certificate.

The installation bundle provides a cluster management tool that enables you to update certificates post installation.

To access the tool, navigate to the location of the installer bundle:

cd ~/UiPathAutomationSuite/
Run the configureUiPathAS.sh script to update the certificate as shown in the following section.

Updating the TLS certificate

You need to specify the absolute path to each of the following three certificate files. All the certificate files should be in .pem format.
  • Certificate Authority Bundle — This bundle should contain the certificate that is used to sign the TLS server certificate.
  • Server Certificate — Public server certificate
  • Private key — Private key for server certificate

You also need the cluster FQDN as an input.

sudo ./configureUiPathAS.sh tls-cert update --ca-cert-file /path/to/cacert --tls-cert-file /path/to/tlscert --tls-key-file /path/to/tlskey --fqdn <cluster_fqdn>
Certificate files are stored in location /directory/path/to/store/certificate.
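
A pre-flight check that can be run before tls-cert update, covering the server certificate requirements and the three certificate files described above. This is an added example, not part of the installer bundle; check_server_cert is a hypothetical helper name, and it assumes the openssl CLI and an unencrypted RSA private key.

```bash
#!/usr/bin/env bash
# Added example: check_server_cert is a hypothetical helper, not part of the
# installer bundle. Assumes the openssl CLI and an unencrypted RSA private key.
# Usage: check_server_cert <ca-bundle> <tls-cert> <tls-key> <cluster_fqdn>
check_server_cert() {
  local ca="$1" cert="$2" key="$3" fqdn="$4" rc=0 text bits san sub cert_pub key_pub
  err() { echo "FAIL: $*" >&2; rc=1; }

  # .pem format: a Base64 body between BEGIN/END markers that parses as X.509.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || { err "$cert is not PEM"; return 1; }
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || { err "cannot parse $cert"; return 1; }

  # Key length of at least 2048.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || err "key length ${bits:-unknown} is below 2048"

  # Extended Key Usage must include TLS Web Server Authentication.
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
    || err "EKU lacks TLS Web Server Authentication"

  # SAN must hold the FQDN plus either the wildcard or every per-service name.
  san=$(printf '%s\n' "$text" | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2)
  has_san() { printf '%s\n' "$san" | grep -qxF -- "$1"; }
  has_san "$fqdn" || err "SAN lacks $fqdn"
  if ! has_san "*.$fqdn"; then
    for sub in alm monitoring registry objectstore insights; do
      has_san "$sub.$fqdn" || err "SAN lacks $sub.$fqdn (and has no wildcard)"
    done
  fi

  # The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || err "$key does not match $cert"

  # The CA bundle must be able to verify the server certificate.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || err "$cert does not verify against $ca"

  return "$rc"
}
```

Call it with the same four values that go to tls-cert update; a non-zero return status means at least one requirement failed, and each failure is reported on stderr.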

Accessing the TLS certificate

To print out the certificate files, run the following command, specifying the directory where certificates are stored.

sudo ./configureUiPathAS.sh tls-cert get --outpath /directory/path/to/store/certificate

Accessing a cluster that uses self-signed certificates

If you are using a self-signed certificate, take the following steps to access the cluster:

You need to add the CA (Certificate Authority) Bundle certificate to the trust store of the following machines:

  • Client machine
    • Machine on which the robot will run
    • Machine on which you will access Automation Suite from the browser.
  • First server machine (requirement for airgapped)
    • Machine on which the airgapped bundle will be downloaded and extracted.

Use the following command to add the certificate to the trust store of the RHEL machine.

sudo cp --remove-destination rootCA.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

© 2005-2024 UiPath. All rights reserved.