Automation Suite
2023.10
false
Security and compliance - Automation Suite 2023.10
Banner background image
logo
Automation Suite on Linux Installation Guide
Last updated Feb 13, 2024

Security and compliance

Enabling FIPS 140-2

Federal Information Processing Standards 140-2 (FIPS 140-2) is a security standard that validates the effectiveness of cryptographic modules.

You can enable FIPS 140-2 on the machines on which you install Automation Suite in the following scenarios:

  1. Scenario 1: new installations - Enable FIPS 140-2 before performing a clean installation of Automation Suite 2023.4 or later.
  2. Scenario 2: existing installations - Enable FIPS 140-2 after peforming an Automation Suite installation on a machine with FIPS-140-2 disabled.

Scenario 1: new installations

To enable FIPS 140-2 on the machines where you plan to perform a fresh installation of Automation Suite, take the following steps:

  1. Before starting the Automation Suite installation, enable FIPS 140-2 on your machines.

    For details, see Enabling FIPS 140-2.

  2. Perform the Automation Suite installation by following the installation instructions in this guide.
    • If you install AI Center on a FIPS 140-2-enabled machine and also use Microsoft SQL Server, some additional configuration is required. For details, see SQL requirements for AI Center.
    • Make sure Insights is disabled as it is not supported on FIPS 140-2.
  3. Make sure your certificates are FIPS 140-2-compatible.
    Note:

    By default, Automation Suite generates self-signed FIPS 140-2-compatible certificates whose expiry date depends on the type of Automation Suite installation you choose.

    You are strongly recommended to replace these self-signed certificates with CA-issues certificates at installation time. To use Automation Suite on FIPS 140-2-enabled machines, the newly provided certificates must be FIPS 140-2-compatible. For a list of eligible ciphers supported by RHEL, see RHEL documentation.

    • To update the token-signing certificates, run:
      sudo ./configureUiPathAS.sh identity token-cert update --cert-file-path /path/to/cert --cert-key-file-path /path/to/certkeysudo ./configureUiPathAS.sh identity token-cert update --cert-file-path /path/to/cert --cert-key-file-path /path/to/certkey
    • To update the TLS certificates, run:
      ./configureUiPathAS.sh additional-ca-certs update --ca-cert-file /path/to/ca/certs./configureUiPathAS.sh additional-ca-certs update --ca-cert-file /path/to/ca/certs

    For more on certificates, see Managing the certificates.

Scenario 2: existing installations

You can install Automation Suite on machines with FIPS 140-2 disabled, and then enable the security standard on the same machines. This is also possible when you upgrade to a new Automation Suite version.

To enable FIPS 140-2 on the machines where you already performed an Automation Suite installation, take the following steps:

  1. Perform a regular Automation Suite installation or upgrade operation on machines with FIPS 140-2 disabled.
  2. Enable FIPS 140-2 by running the following command on all your machines:
    fips-mode-setup --enablefips-mode-setup --enable
  3. Make sure your certificates are FIPS 140-2-compatible.
    Note:

    To use Automation Suite on FIPS 140-2-enabled machines, you must replace your certificates with new FIPS 140-2-compatible certificates signed by a CA. For a list of eligible ciphers supported by RHEL, see RHEL documentation.

    • To update the token-signing certificates, run:
      sudo ./configureUiPathAS.sh identity token-cert update --cert-file-path /path/to/cert --cert-key-file-path /path/to/certkeysudo ./configureUiPathAS.sh identity token-cert update --cert-file-path /path/to/cert --cert-key-file-path /path/to/certkey
    • To update the TLS certificates, run:
      ./configureUiPathAS.sh additional-ca-certs update --ca-cert-file /path/to/ca/certs./configureUiPathAS.sh additional-ca-certs update --ca-cert-file /path/to/ca/certs

    For more on certificates, see Managing the certificates.

  4. Make sure your product selection is in line with the FIPS-140-2 requirements:
    • If you install AI Center on a FIPS 140-2-enabled machine and also use Microsoft SQL Server, some additional configuration is required. For details, see SQL requirements for AI Center.
    • If you previously enabled Insights, you must disable it as it is not supported on FIPS 140-2. For details on how to disable products post-installation, see Managing products.
  5. Reboot your machines and check if you successfully enabled FIPS 140-2.
    fips-mode-setup --checkfips-mode-setup --check
  6. Rerun the install-uipath.sh service installer:
    • In an online environment, run:

      ./install-uipath.sh -i cluster_config.json -o output.json -s --accept-license-agreement – Online -- online./install-uipath.sh -i cluster_config.json -o output.json -s --accept-license-agreement – Online -- online
    • In an offline environment, run:

      ./install-uipath.sh -i ./cluster_config.json -o ./output.json -s --offline-bundle /uipath/tmp/sf.tar.gz --offline-tmp-folder /uipath/tmp --accept-license-agreement./install-uipath.sh -i ./cluster_config.json -o ./output.json -s --offline-bundle /uipath/tmp/sf.tar.gz --offline-tmp-folder /uipath/tmp --accept-license-agreement
  • Enabling FIPS 140-2
  • Scenario 1: new installations
  • Scenario 2: existing installations
Support and Services icon
Get The Help You Need
UiPath Academy icon
Learning RPA - Automation Courses
UiPath Forum icon
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.