
Common Configuration Needs

This document discusses common configuration needs for an Orchestrator installation, including changing the Orchestrator and Identity Server URLs when upgrading infrastructure, and replacing expired SSL certificates. The Orchestrator and Identity Server must use the same new certificate to ensure they can securely communicate. The certificate must be installed on all servers, have a private key, and match the server URLs. The certificate private key permissions also need to be updated for the Orchestrator and Identity Server accounts.

Uploaded by Kenneth Balobalo

Orchestrator Installation and Troubleshooting
Common Configuration Needs
1. Why do we change the Orchestrator/Identity Server URL in some situations?

There are situations in which the Orchestrator URL needs to be changed, for example when the infrastructure is upgraded from single node to multi node. When that happens, the Identity Server URL also needs to be changed.

2. Changing the Orchestrator SSL certificate and the Identity Server token-signing certificate.

The Orchestrator and the Identity Server communicate over HTTPS. They use an SSL certificate to establish the secure connection. In addition, Identity Server uses the private key of the certificate to sign tokens.

For Orchestrator deployments using version 2020.4 or higher, when the SSL certificate expires, the new certificate has to be applied to the applications, Orchestrator and Identity Server.

a. The certificate needs to meet the following requirements:

   o All the servers in the cluster must trust it. (You can add it in "Local Computer" under "Personal" and "Trusted Root Certification Authorities".)
   o It must have a private key: in Certificates Store (Local Computer)\Personal\Certificates, right-click the certificate -> All Tasks and check whether the "Manage Private Keys" option is displayed. If it is not, the certificate only has a public key and is not valid to use for UiPath infrastructure.
   o The "Subject Alternative Name" of the certificate must exactly match the Orchestrator site URL, and in a multi-node environment with an NLB it must contain the NLB URL as well.
   o The account that the Orchestrator and Identity Server sites run under must have access to the private key of the certificate:
      ▪ If you are using ApplicationPoolIdentity, go to Personal store > All Tasks > Manage Private Keys, and give read permission to the IIS AppPool\UiPath Orchestrator user or to the "IIS_IUSRS" group.
      ▪ If you are using a custom account, go to Personal store > All Tasks > Manage Private Keys, and give read permission to the custom user that is set on the Orchestrator Application Pool.
b. The Orchestrator and the Identity Server must use the same certificate, since the Identity Server signs the tokens using the private key and Orchestrator validates them based on the public key:

   o Orchestrator
      ▪ Open the Internet Information Services (IIS) Manager (Start > Run > inetmgr).
      ▪ Click the site you want to secure with the SSL certificate. (This process is called binding.)
      ▪ In the Actions panel on the right, click Bindings.
      ▪ Double-click the site binding.
      ▪ SSL certificate -> in the dropdown, select the certificate that you are binding.
      ▪ Click OK.
   o Identity Server
      ▪ Locate the Appsettings.Production.json of Identity, which by default can be found at "C:\Program Files (x86)\UiPath\Orchestrator\Identity".
      ▪ Open the file with any text editor and locate the "Name" section.
      ▪ Replace its value with the thumbprint of the new certificate.
      ▪ Go to IIS -> Orchestrator site -> Manage Website panel -> Restart the site.
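
The requirements in step a can be checked from PowerShell before the certificate is bound in IIS or its thumbprint is written to Appsettings.Production.json. This script is an added example, not part of the original document or of UiPath's tooling; the thumbprint and host name are placeholders, and the key-file lookup assumes an RSA key stored under %ProgramData%\Microsoft\Crypto.

```powershell
# Added example: pre-flight check of a replacement certificate; run elevated on each node.
# The thumbprint and host name below are placeholders (assumptions), not values from the document.
$Thumbprint    = '<NEW-CERT-THUMBPRINT>'
$RequiredNames = @('orchestrator.example.com')   # add the NLB host name when multi-node
$Accounts      = @('IIS AppPool\UiPath Orchestrator', 'BUILTIN\IIS_IUSRS')  # or the custom account

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$problems = @()

# Validity window: an expired replacement defeats the purpose of the change.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Certificate is not valid today (NotAfter: $($cert.NotAfter))"
}

# Subject Alternative Name (OID 2.5.29.17) must list every required host name.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
foreach ($name in $RequiredNames) {
    if (-not $san -or $dnsNames -notcontains $name) {
        $problems += "Subject Alternative Name does not contain $name"
    }
}

# Private key must exist, and the site account needs a direct Allow/Read entry on it.
if (-not $cert.HasPrivateKey) {
    $problems += 'Certificate has no private key in the Local Computer store'
} else {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyName = $null
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $keyName = $rsa.Key.UniqueName }
    elseif ($rsa) { $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyFile = $null
    if ($keyName) { $keyFile = Get-ChildItem -Path "$env:ProgramData\Microsoft\Crypto" -Recurse -File -Filter $keyName -ErrorAction SilentlyContinue | Select-Object -First 1 }
    if (-not $keyFile) {
        $problems += 'Private key file not found; check "Manage Private Keys" manually'
    } else {
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        $allowed = (Get-Acl -Path $keyFile.FullName).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Accounts -contains $_.IdentityReference.Value -and
            ($_.FileSystemRights -band $read) -eq $read
        }
        if (-not $allowed) { $problems += "No read access on the private key for: $($Accounts -join ', ')" }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { "OK. Thumbprint to use: $($cert.Thumbprint)" }
```

IIS_IUSRS contains every application pool identity on the server, so removing it from `$Accounts` checks for the narrower grant to the Orchestrator application pool account only.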
