Skip to main content
Kofax

How to change the certificate used by Management Console - embedded mode

3024025

Summary: 

When running in embedded mode, the Management Console uses a certificate located in the Application Data folder under /Certificates/Web.

This article contains an example of changing this certificate to a custom one.

More Information: 

Management Console will only use the file if its named webserver.keystore and is a PKCS12 keystore with alias "tomcat". The certificate password can be changed in the RoboServer Settings > Management Console tab.

Procedure

Before starting the procedure, obtain the new certificate. This has to include both the public and private key.

E.g. creating a p12 certificate with keytool:

keytool -genkey -alias tomcat -keyalg RSA -validity 3650 -keystore mcnew.p12 -storetype pkcs12

In the commands below, this "mcnew.p12" is used as example.

  1. Create a new webserver.keystore

    keytool -importkeystore -destkeystore <DestFolder>\webserver.keystore -srckeystore <SourceFolder>\mcnew.p12 -srcstoretype PKCS12
     
  2. This will prompt you for the password of the source keystore (from the p12 file) and will also allow you to set a new password for the destination keystore (webserver.keystore).
  3. Shutdown Management Console (stop service)
  4.  Switch webserver.keystore:
    1. Remove webserver.keystore from <Application Data Folder>\Certificates\Web\
      (Copy the file in a backup folder)

      Note: Application Data Folder is by default in :
      v10.4 and earlier: C:\Users\UserRunningMC\AppData\Local\Kapow\<version>
      v10.5 and later: C:\Users\UserRunningMC\AppData\Local\Kofax RPA\<version>
    2. Copy the webserver.keystore created at step #1 above to <Application Data Folder>\Certificates\Web\
       
  5. Update keystore password:
    1. Open RoboServer Settings as the user running the Management Console process (e.g. the logon user of the Management Console service)
    2. On the Management Console tab enter the new keystore password (what was set for destination keystore at step #2) in the "Certificate Password" field
    3. Click OK to save settings
       
  6. Restart Management Console.

Applies to:  

Product Version
RPA All