1. SSL Certificate Requirements:

A valid SSL certificate for the Fully Qualified Domain Name (FQDN) or machine name is required. Two ways to create one:

  1. IIS: Create a self-signed SSL certificate from the machine where the Automate Enterprise Server is installed.
  2. OpenSSL: Create an SSL certificate using -subj "/CN=machinename":
    1. openssl req -x509 -newkey rsa:4096 -sha256 -keyout keypair.key -out keypair.crt -days 365 -subj "/CN=machinename"
    2. openssl pkcs12 -export -out cert.pfx -inkey keypair.key -in keypair.crt

2. Verify You Are on the Machine Running the Automate Enterprise Server

  1. From an elevated command prompt, type “mmc” and then hit Enter.
  2. In the Console dialog box that opens:
    1. Select File > Add/Remove Snap-in.
    2. From the Available snap-ins list, double-click on Services.
    3. Select Local computer.
    4. Click Finish.
    5. Click OK to close the Add or Remove Snap-ins dialog box.
  3. Under Console Root, select Services (Local).
  4. In the list of services, verify the following are present:
    1. “Automate Enterprise 11 Execution Server”
    2. “Automate Enterprise 11 Management Server”

3. Verify the SSL Certificate is Installed in the Certificate Store

  1. With the Console dialog box still open, do the following:
    1. Select File > Add/Remove Snap-in.
    2. From the Available snap-ins, double-click on Certificates.
    3. Select Computer account.
    4. Click Next.
    5. Click Finish.
    6. Click OK to close the Add or Remove Snap-ins dialog box.
  2. Under Console Root, expand Certificates (Local Computer).
  3. Expand Personal.
  4. Select Certificates.
  5. Verify the SSL certificate is listed (possibly in a sub-folder).

Note: Unless all components are stored on the same machine (that is, no remote agents or Development Tools are installed), the certificate needs to be issued to the FQDN of the Execution server and not localhost.

4. Identify the SSL Certificate Thumbprint

  1. Double-click on the certificate.
  2. Select the Details tab.
  3. Scroll to the bottom of the list and select Thumbprint.
  4. Copy the Thumbprint Value to the clipboard.
  5. Click OK to close the Certificate dialog box.

5. Bind SSL Certificate to HTTP Ports

From an elevated command prompt, run the following commands, replacing "???" with the thumbprint value of the certificate:

  • netsh http add sslcert ipport=0.0.0.0:9715 certhash=??? appid={00112233-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable
  • netsh http add sslcert ipport=0.0.0.0:9718 certhash=??? appid={00112233-4455-6677-8899-AABBCCDDEEFF} clientcertnegotiation=enable
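
The store check from step 3, the thumbprint from step 4 and the two bindings above, combined into one PowerShell script. This is an added example, not part of the vendor's procedure; the parameter names Thumbprint and Fqdn are assumptions, and the script must be run from an elevated PowerShell prompt.

```powershell
# Added example: steps 3-5 as a script. Run from an elevated PowerShell prompt
# on the machine running the Automate Enterprise Server.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # value copied in step 4 (assumed name)
    [Parameter(Mandatory)] [string] $Fqdn         # name the certificate was issued to (assumed name)
)
$ErrorActionPreference = 'Stop'

# Copying from the Certificate dialog can add spaces and an invisible leading
# character; keep only the hex digits of the SHA-1 thumbprint.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) { throw "Expected 40 hex digits, got $($hash.Length)." }

# Step 3: the certificate must be in the Local Computer > Personal store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$hash"

# Checks the binding depends on: private key, expiry date, issued-to name.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
$names = @($cert.GetNameInfo($nameType::SimpleName, $false),
           $cert.GetNameInfo($nameType::DnsName, $false))
if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key.' }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if ($names -notcontains $Fqdn) {
    throw "Certificate is issued to '$($names -join ', ')', not '$Fqdn'."
}

# Step 5: bind to both ports with the appid used in the commands above.
# The appid argument is quoted so PowerShell does not parse the braces.
$appId = '{00112233-4455-6677-8899-AABBCCDDEEFF}'
foreach ($port in 9715, 9718) {
    $ipport = "0.0.0.0:$port"
    & netsh http add sslcert "ipport=$ipport" "certhash=$hash" "appid=$appId" clientcertnegotiation=enable
    if ($LASTEXITCODE -ne 0) { throw "netsh failed for $ipport (exit code $LASTEXITCODE)." }

    # Read the binding back and confirm it carries the expected hash.
    $shown = (& netsh http show sslcert "ipport=$ipport") -join "`n"
    if ($shown -notmatch $hash) { throw "Binding for $ipport does not show $hash." }
    Write-Output "Bound $hash to $ipport"
}
```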

6. Disable Windows Firewall

Disable the firewall in Microsoft Windows.

7. Verify Automate Plus/Ultimate is Licensed

  1. Open the Automate Enterprise Management Console application.
  2. Select Options.
  3. Select Licenses.
  4. Verify the current license is valid.

8. Configure Agents to Connect by FQDN

  1. On each agent machine, open the Windows Registry Editor (regedit.exe).
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\AutoMate\Automate Agent 11\TaskService\Agent.
  3. Double-click on Host and enter the FQDN for the Execution machine in the Value data text box. This will be the same name as on the SSL certificate.
  4. Return to Windows Services.
  5. Right-click on Automate Enterprise 11 Agent and then select Restart.
  6. Verify the agent can connect by FQDN.

9. Configure Management Service to Connect by FQDN

  1. For this step, the Automate Enterprise 11 services will need to be stopped briefly.
  2. In Windows Services, individually right-click and then select Stop for each of the following services:
    1. Automate Enterprise 11 Agent
    2. Automate Enterprise 11 Execution Server
    3. Automate Enterprise 11 Management Server
  3. Depending on whether you are running the 32-bit or 64-bit version of Automate Enterprise 11, browse to C:\Program Files\Automate Enterprise 11 or C:\Program Files\Automate Enterprise 11 (x86).
  4. Double-click on ConfigurationEditor.exe.
  5. In the Automate Enterprise 11 Configuration Utility, expand the Management Server Settings section.
  6. Replace the Execution Server Host value with the FQDN for the Execution Server.
  7. Click OK.
  8. Click Yes to restart the Automate Enterprise 11 Execution Server service.
  9. Wait 10 seconds.
  10. In Windows Services, right-click on Automate Enterprise 11 Management Server and select Start.
  11. Wait 10 seconds.
  12. Right-click on Automate Enterprise 11 Agent and select Start.
  13. Open the Automate Enterprise Management Console and verify that you are still able to connect.

Note: If the Automate Enterprise 11 Execution Server or Automate Enterprise 11 Management Server services are running when the Automate Enterprise Configuration Utility is opened, the connection strings cannot be modified. The services must be fully stopped prior to opening the utility.

10. Configure Automate Enterprise to Use SSL Certificate

  1. Open the Automate Enterprise Management Console application.
  2. Select Options.
  3. Select Server Settings.
  4. Double-click on SSL.
  5. Select Use SSL.
  6. For Store Name, select My/Personal.
  7. For Search Type, select Thumbprint.
  8. For Search String, enter the certificate's Thumbprint Value from step 4 (Identify the SSL Certificate Thumbprint).
  9. Click OK.
  10. Click OK.

11. Shut Down and Restart Automate Enterprise Services

  1. On the machine where the Automate Enterprise Server is running:
    1. From an elevated command prompt, type “mmc” and then hit Enter.
    2. In the Console dialog box that opens:
      1. Select File > Add/Remove Snap-in.
      2. From the Available snap-ins list, double-click on Services.
      3. Select Local computer.
      4. Click Finish.
      5. Click OK to close the Add or Remove Snap-ins dialog box.
      6. Under Console Root, select Services (Local).
    3. From the list of services, perform the following in the order shown:
      1. Right-click on Automate Enterprise 11 Management Server and select Stop.
      2. Right-click on Automate Enterprise 11 Execution Server and select Stop.
      3. Right-click on Automate Enterprise 11 Execution Server and select Start.
      4. Right-click on Automate Enterprise 11 Management Server and select Start.
  2. On any machine where the Automate Enterprise Agent is running:
    1. From an elevated command prompt, type “mmc” and then hit Enter.
    2. In the Console dialog box that opens:
      1. Select File > Add/Remove Snap-in.
      2. From the Available snap-ins list, double-click on Services.
      3. Select Local computer.
      4. Click Finish.
      5. Click OK to close the Add or Remove Snap-ins dialog box.
    3. Under Console Root, select Services (Local).
    4. From the list of services, perform the following in the order shown:
      1. Right-click on Automate Enterprise 11 Agent and select Stop.
      2. Right-click on Automate Enterprise 11 Agent and select Start.

12. Verify SSL is Working

  1. Verify the Automate Enterprise services are using the correct SSL ports:
    1. From an elevated command prompt, type “mmc” and then hit Enter.
    2. In the Console dialog box that opens:
      1. Select File > Add/Remove Snap-in.
      2. From the Available snap-ins list, double-click on Event Viewer.
      3. Select Local computer.
      4. Click OK.
      5. Click OK.
    3. Expand Event Viewer (Local).
    4. Expand Windows Logs.
    5. Select Application.
    6. Scroll through the events and verify the following:
      1. There is an event from the source Automate Execution Server 11 with the following description:
        1. "Service is bound to: tcp://0.0.0.0:9725/BPAServer/CommBridge/"
      2. There is an event from the source Automate Execution Server 11 with the following description:
        1. "Service is bound to: tcp://0.0.0.0:9715/BPAExecutionServer/"
      3. There is an event from the source Automate Management Server 11 with the following description:
        1. "Service is bound to: https://0.0.0.0:9718/BPAManagementServer/"
  2. Verify the Automate Enterprise Management Console connects:
    1. Open the Automate Enterprise Management Console application.
    2. Verify the Management Console connects properly and expected functionality is available.
  3. Verify the Automate Enterprise Agent connects:
    1. With the Console dialog box still open and Application selected, scroll through the events and verify there is an event from the source Automate Agent 11 with the following description:
      1. "Connection made to Automate Enterprise at local host on port 9715. Disregard following message."
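
The Event Viewer checks in step 12, as a PowerShell script that searches the Application log for the same sources and descriptions. This is an added example, not part of the vendor's procedure; the Since parameter (look-back window) is an assumption, and the host name in the agent message is matched with a wildcard because agents may report a name other than "local host".

```powershell
# Added example: step 12's Event Viewer checks as a script. Run on the machine
# whose Application log you would otherwise inspect in Event Viewer.
param([datetime] $Since = (Get-Date).AddHours(-1))  # assumed look-back window

# Source names and message text are the ones listed in step 12; * is a wildcard.
$checks = @(
    @{ Source = 'Automate Execution Server 11'
       Like   = '*Service is bound to: tcp://0.0.0.0:9725/BPAServer/CommBridge/*' },
    @{ Source = 'Automate Execution Server 11'
       Like   = '*Service is bound to: tcp://0.0.0.0:9715/BPAExecutionServer/*' },
    @{ Source = 'Automate Management Server 11'
       Like   = '*Service is bound to: https*0.0.0.0:9718/BPAManagementServer/*' },
    @{ Source = 'Automate Agent 11'
       Like   = '*Connection made to Automate Enterprise at * on port 9715*' }
)

$results = foreach ($check in $checks) {
    $filter = @{ LogName = 'Application'; ProviderName = $check.Source; StartTime = $Since }

    # Get-WinEvent returns newest events first; keep the most recent match.
    # Errors are silenced because "no events found" is reported as an error.
    $hit = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like $check.Like } |
        Select-Object -First 1

    [pscustomobject]@{
        Source  = $check.Source
        Pattern = $check.Like
        Found   = [bool]$hit
        Time    = if ($hit) { $hit.TimeCreated } else { $null }
    }
}

$results | Format-Table -AutoSize
if ($results.Found -contains $false) {
    throw 'One or more of the expected events from step 12 were not found.'
}
```

Run it after the restart in step 11 so the binding events fall inside the look-back window.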

13. Turning SSL Off by Way of the Automate Database

  1. You can turn SSL off by changing the value of the UseSSL column of the serverproperties table in your Automate database.
  2. An example of this query is below:
    1. UPDATE [DatabaseName].[dbo].[serverproperties] SET [UseSSL] = 0

  3. The Automate services will need to be restarted for this change to take effect.


Last Modified On: March 17, 2020