Using Custom SSL Certificates for Connection Authentication

An SSL certificate is now necessary to connect Automation Engine with Remote Agent and Clients. Using your own certificate prevents unauthorized connections between the connection endpoints.
The SSL certificate provided can be a self-signed certificate or issued by a CA (Certificate Authority).
To configure the SSL certificate on your server:
  1. Create a user_keystore file.
    • With self-signed certificate:
      keytool -keystore user_keystore -keyalg RSA -genkey -alias "AM" -storetype JKS -storepass <password>
      The following is a sample location where the file gets generated:
      C:\Program Files\AdoptOpenJDK\jdk-11.0.6.10-hotspot\bin
    • With CA issued certificate:
      A .CER file can be imported to a keystore using the following command:
      keytool -importcert -file certificate.cer -keystore user_keystore -alias "AM" -storetype JKS -storepass <password> -trustcacerts
  2. Create a user_keystore_config file.
    To encrypt the password, go to the AW_HOME/web/classes directory, ensure that AW variables are exported and run the following command:
    java -DAW_HOME=${AW_HOME} -cp AppWorx.jar;uc4-ra.jar com.appworx.util.EncryptKeystoreFile <password>
    The following is a sample location where the file gets generated:
    AW_HOME\data
CA Issued Certificate
From 9.3.5 and above, if the certificate is CA issued, copy the generated user_keystore and user_keystore_config files to the <install-dir>\data directory present on the Automation Engine machine.
If the certificate is self-signed, the user_keystore and user_keystore_config files need to be copied to Remote Agents and Client machines.
On each user's client machine, create a C:\Users\<user name>\AppWorx\<master name> folder for each master in the connections.properties file, where <user name> is the actual user's name and <master name> is the name of the master. Then place copies of the user_keystore and user_keystore_config files for each master in the sub-directory for that master. This allows for different keystores to be used on each master.
On each Remote Agent machine, the user_keystore and user_keystore_config files need to be copied to the data directory of the Remote Agent installation directory.
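A check for the distribution step above, as an added example that is not part of the original documentation: it confirms that every master folder holds both files and that each copy is byte-identical to a reference pair. The master names are passed in by the caller, one reference pair is assumed for the masters being checked, and the directory tree in demo() is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

KEYSTORE_FILES = ("user_keystore", "user_keystore_config")  # file names from the page

def sha256_of(path):
    """Return the hex SHA-256 digest of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_keystore_copies(reference_dir, appworx_dir, masters):
    """Compare each master's keystore copies against a reference pair.

    reference_dir: directory holding the pair these masters should use.
    appworx_dir:   the user's AppWorx folder that holds one folder per master.
    masters:       master names supplied by the caller (assumption: this
                   example does not parse connections.properties).
    Returns (master, file, problem) tuples; an empty list means all match.
    """
    reference_dir, appworx_dir = Path(reference_dir), Path(appworx_dir)
    expected = {name: sha256_of(reference_dir / name) for name in KEYSTORE_FILES}
    findings = []
    for master in masters:
        for name in KEYSTORE_FILES:
            copy = appworx_dir / master / name
            if not copy.is_file():
                findings.append((master, name, "missing"))
            elif sha256_of(copy) != expected[name]:
                findings.append((master, name, "differs from reference"))
    return findings

def demo():
    """Audit a constructed directory tree (sample bytes, not real keystores)."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, appworx = Path(tmp) / "ref", Path(tmp) / "AppWorx"
        ref.mkdir()
        (ref / "user_keystore").write_bytes(b"constructed-keystore")
        (ref / "user_keystore_config").write_bytes(b"constructed-config")
        # MASTER1 has correct copies; MASTER2 has a stale keystore and no config;
        # MASTER3 has no folder at all.
        for master, data in (("MASTER1", b"constructed-keystore"), ("MASTER2", b"stale")):
            (appworx / master).mkdir(parents=True)
            (appworx / master / "user_keystore").write_bytes(data)
        (appworx / "MASTER1" / "user_keystore_config").write_bytes(b"constructed-config")
        return audit_keystore_copies(ref, appworx, ["MASTER1", "MASTER2", "MASTER3"])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Where masters use different keystores, run the audit once per reference pair with the masters that share it.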