UiPath Orchestrator

The UiPath Orchestrator Guide

Self-Signed Certificates

Self-signed certificates are a way to secure your data by encrypting the SAML response when using single sign-on authentication. Below you can find an example of generating and using self-signed certificates in OKTA.

Generating a Self-Signed Certificate

There are multiple software applications which allow you to generate self-signed certificates, such as OpenSSL, MakeCert, IIS, Pluralsight or SelfSSL. For this example, we use MakeCert. In order to make a self-signed certificate with a private key, run the following commands from the Command Prompt:

  • makecert -r -pe -n "CN=UiPath" -e 01/01/2019 -sky exchange -sv makecert.pvk makecert.cer
  • "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\pvk2pfx.exe" -pvk makecert.pvk -spc makecert.cer -pfx makecert.pfx

Add the Certificate to OKTA

  1. Log in to OKTA. The following setup is made in the Classic UI view. You can change the view from the drop-down in the top-right corner of the window.
  2. On the Application tab, select your previously defined application.
  3. On the General tab, in the SAML Settings section, click Edit.
  4. On the Configure SAML tab, click Show Advanced Settings.
  5. For the Assertion Encryption drop-down, select the Encrypted option.
  6. The certificate is displayed in the Encryption Certificate field.

Set Orchestrator/Identity Server to Use the Certificate

  1. Import the makecert.pfx certificate to the Windows certificate store using Microsoft Management Console. See here how to do that.
  2. Make sure that the following configuration is present in Identity Server's SAML2 settings within the External Providers page (read here how to access Identity Server):
    • In the Signing Certificate section, set the Store name parameter to My from the drop-down.
    • Set the Store location parameter to LocalMachine.
    • Set the Thumbprint parameter to the thumbprint value provided in the Windows certificate store. Details here.
  3. Click Save to save the changes to the external identity provider settings.
  4. Restart the IIS server after performing any configuration changes within Identity Server.
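
The import and thumbprint lookup from steps 1 and 2 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the UiPath guide; it assumes makecert.pfx is in the current directory, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the UiPath guide). Assumes makecert.pfx, produced by
# the pvk2pfx step, is in the current directory.
$pfxPath   = Join-Path (Get-Location) 'makecert.pfx'
$storePath = 'Cert:\LocalMachine\My'   # Store location LocalMachine, store name My

# Ask for the PFX password rather than hard-coding it; press Enter if none was set.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$importArgs  = @{ FilePath = $pfxPath; CertStoreLocation = $storePath }
if ($pfxPassword.Length -gt 0) { $importArgs.Password = $pfxPassword }

$cert = Import-PfxCertificate @importArgs -ErrorAction Stop

# Checks that matter for decrypting SAML assertions with this certificate.
$now      = Get-Date
$problems = @()
if (-not $cert.HasPrivateKey) {
    $problems += 'Private key missing: encrypted assertions cannot be decrypted.'
}
if ($cert.NotAfter -lt $now) {
    $problems += "Certificate expired on $($cert.NotAfter.ToString('u'))."
}
if ($cert.NotBefore -gt $now) {
    $problems += "Certificate is not valid until $($cert.NotBefore.ToString('u'))."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Certificate imported with private key and inside its validity period.'
}

# Thumbprint as the store reports it: the value for the Thumbprint parameter.
Write-Host "Thumbprint: $($cert.Thumbprint)"

# A thumbprint copied from the certificate dialog can carry spaces or invisible
# characters; strip everything except hex digits before comparing.
$pasted = Read-Host -Prompt 'Thumbprint entered in Identity Server (Enter to skip)'
if ($pasted) {
    $clean = ($pasted -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean -eq $cert.Thumbprint) {
        Write-Host 'Entered thumbprint matches the imported certificate.'
    } else {
        Write-Warning "Entered thumbprint does not match. Cleaned value: $clean"
    }
}
```

With the `-e 01/01/2019` end date from the MakeCert command above, the expiry check reports the certificate as expired on any later date, so choose an end date that covers the intended lifetime when generating your own.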

Updated 2 years ago
