Replacing the Pega RDA certificate with a self-provisioned certificate

Updated on April 20, 2022

The certificates that Pega includes with Pega Robotic Automation expire one year after Pega generates them. Because of this, best practice is to use a self-provisioned certificate that is issued by an internal certificate authority or a third-party certificate authority, or to use a self-signed certificate, so that you can choose the expiration of the certificate. The following steps explain how to replace an expired Pega certificate with your self-provisioned certificate.

Note: If you are unable to provide a certificate and you want to continue using the Pega-provided certificate, contact Pega Support.

Locating the port

Use a Robot Runtime computer in a production environment to locate and verify the port that Robot Runtime uses to communicate with the Pega application. Bind your certificate's REST service to this port to ensure secure communications between Robot Runtime and the Pega application. The default port is 9443.

  1. In a text editor, open a RuntimeConfig.xml file used in a production environment. This file is located at %appdata%\OpenSpan (for 8.0 SP1 and earlier versions).
  2. In the Robotics > LocalApiService section, locate the port key. The value stored in this key is the port binding. Make a note of this value. The following is an example of a port key:

<LocalApiService enabled="true" SSL="true" port="9443" allowedOrigins="*pega.com" JWTSecurity="false" PegaServerURL="https://MyPegaServer.com/prweb"/>

Creating the script

You can create a batch or PowerShell script to make installing the certificate easier. Download and open the sample scripts from the following ZIP file:

Sample scripts for installing local Robot Runtime certificates

Customize these scripts to install the certificate. After you customize the script, run the saved script on each Robot Runtime computer that needs an updated certificate.

Customizing the batch file

  1. Open the sample batch file in a text editor.
  2. Replace Line 5 - ipport PortNumber with the port number that you verify in the Locating the port section above.
  3. Replace Line 8 - p value with the password for the self-provisioned certificate.
  4. Replace Line 8 - importpfx value with the path to the certificate.
  5. Replace Line 11 - $certHash value with the certificate hash value.
  6. Replace Line 11 - $port value with the port binding number.
  7. Save the batch file.

The following is an excerpt from the script in the sample batch file:

Excerpt from sample batch file script for installing local Robot Runtime certificates
Note: You can provision the certificate with the localruntime.pega.com domain name, or you can choose another domain name. Ensure that the domain resolves to 127.0.0.1 for the Robot Runtime and Robot Studio computers on which you want to develop and run attended automations.

Customizing the PowerShell file

  1. Open the sample PowerShell file in a text editor.
  2. Replace Line 5 - ipport PortNumber with the port number that you verify in the Locating the port section.
  3. Replace Line 8 - p value with the password for the self-provisioned certificate.
  4. Replace Line 8 - importpfx value with the path to the certificate.
  5. Replace Line 12 - $certHash value with the certificate hash value.
  6. Replace Line 14 - $port value with the port binding number.
  7. Save the PowerShell file.

The following is an excerpt from the script in the sample PowerShell file:

Excerpt from sample PowerShell script for installing local Robot Runtime certificates
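
Added example (not one of Pega's sample scripts): a PowerShell check to run on a Robot Runtime computer after the installation script, which reads the port from RuntimeConfig.xml, finds the certificate bound to that port, and reports when it expires. It assumes the %appdata%\OpenSpan location and localruntime.pega.com domain name mentioned on this page, a certificate stored in LocalMachine\My, and a 30-day warning threshold chosen for illustration.

```powershell
# Added example, not Pega's sample script. Values marked "assumption" are illustrative.
$configPath = Join-Path $env:APPDATA 'OpenSpan\RuntimeConfig.xml'  # location given on this page
$hostName   = 'localruntime.pega.com'  # domain the certificate was provisioned for
$warnDays   = 30                       # assumption: warn this many days before expiration

# 1. Read the port binding from the LocalApiService element.
[xml]$config = Get-Content -LiteralPath $configPath -Raw
$api = $config.SelectSingleNode('//LocalApiService')
if (-not $api) { throw "LocalApiService element not found in $configPath" }
$port = [int]$api.GetAttribute('port')

# 2. Confirm that the certificate's domain resolves to 127.0.0.1 on this computer.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($hostName) |
        ForEach-Object { $_.IPAddressToString }
} catch {
    $addresses = @()   # name did not resolve at all
}
$loopback = $addresses -contains '127.0.0.1'

# 3. Find the certificate hash bound to the port. Matching on ":<port>" followed by a
#    40-hex-digit value on the next line avoids depending on localized netsh labels.
$bindings = (netsh http show sslcert) -join "`n"
$pattern  = '(?m):\s+\S+:{0}\s*\n[^\n]*:\s+([0-9a-f]{{40}})\s*$' -f $port
if ($bindings -notmatch $pattern) {
    throw "No SSL certificate binding found for port $port"
}
$thumbprint = $Matches[1].ToUpper()

# 4. Load the bound certificate (assumption: LocalMachine\My store) and check its dates.
$cert     = Get-Item -LiteralPath "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
$daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

[pscustomobject]@{
    Port               = $port
    Thumbprint         = $thumbprint
    Subject            = $cert.Subject
    DnsNames           = $cert.DnsNameList.Unicode -join ', '
    NotAfter           = $cert.NotAfter
    DaysLeft           = $daysLeft
    HasPrivateKey      = $cert.HasPrivateKey
    ResolvesToLoopback = $loopback
}

if (-not $loopback) { Write-Warning "$hostName does not resolve to 127.0.0.1" }
if ($daysLeft -lt $warnDays) { Write-Warning "Certificate on port $port expires in $daysLeft day(s)" }
```

Running the same check on a schedule gives advance notice before a certificate expires, rather than discovering the expiration when secure communication fails.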