automation-suite
2022.4
false
UiPath logo, featuring letters U and I in white

Automation Suite Installation Guide

Last updated Dec 16, 2024

MongoDB Certificate Renewal

MongoDB uses two types of certificates for a secure connection within the Automation Suite cluster:

  • CA root certificate
  • TLS certificate

Starting with 2022.4.0, the MongoDB certificates generated during installation are valid for three years.

For environments upgraded from versions before 2021.10.3 to 2022.4, follow the steps described in this page for MongoDB certificate rotation. The generated MongoDB certificates are valid for three years.

Note:

For fresh 2022.4 installations and onward, the certificate rotation is done automatically. The CA certificate is renewed automatically 30 days before it expires, while the TLS certificate is renewed 20 days before it expires. Because of this, there is no user intervention needed to maintain the validity of the certificates.

However, if you want to renew the certificates manually, you can use the certificate rotation CLI. Follow the steps below to run the certificate rotation.

  1. SSH to the VM node.
    ssh <username>@<node-fqdn>ssh <username>@<node-fqdn>
  2. Assume the super user role by running the command below.
    sudo susudo su
  3. Go to the installation (for fresh installations) or upgrade (for upgraded environments) directory by running the command below.
    cd <Installation/Upgrade Directory>cd <Installation/Upgrade Directory>
  4. Copy the rotate-cert.sh script below to the installation directory.
    ./configureUiPathAS.sh mongodb rotate-certificate
    kubectl -n mongodb get secret/tls-ca-key-pair -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/.certs/ca.crt
    kubectl -n mongodb create configmap mongo-ca --from-file="/tmp/.certs/ca.crt" --dry-run=client -o yaml | kubectl replace -f -
    kubectl rollout restart sts mongodb-replica-set -n mongodb./configureUiPathAS.sh mongodb rotate-certificate
    kubectl -n mongodb get secret/tls-ca-key-pair -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/.certs/ca.crt
    kubectl -n mongodb create configmap mongo-ca --from-file="/tmp/.certs/ca.crt" --dry-run=client -o yaml | kubectl replace -f -
    kubectl rollout restart sts mongodb-replica-set -n mongodb
  5. Run the certificate rotation script by using the command below.
    chmod u+x rotate-cert.sh
    ./rotate-cert.shchmod u+x rotate-cert.sh
    ./rotate-cert.sh

The certificate rotation script takes around 5-10 minutes to complete. The new certificates generated by the script are valid for three years from the time of creation and are automatically renewed as per the timeline mentioned above.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.