The UIM Server installer creates a .pem file (certificate.pem) in the
<Nimsoft>\securityfolder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You copy this .pem file to the remote OC, UR, and CABI robots and provide the location of the file in the robot.cfg file (
cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer.
To configure the robot.cfg file, follow these steps:
- Navigate to the<Nimsoft>\robotfolder.
- Open the robot.cfg file in a text editor.
- Add the following parameter to the file:cryptkey = <location of the .pem file>For example,cryptkey = c:\Certificate\certificate.pem
- Save your changes.Note:You do not need to restart the robot.
You have successfully configured the robot.cfg file.
Create a .pem File
Though the UIM Server installer automatically generates a .pem file (certificate.pem) in the
<Nimsoft>\securityfolder, you can generate your own .pem file, if you want. You then need to copy the same .pem file to all the required places (UMP robot, UR robot, CABI robot) and configure the robot.cfg file as explained. You can use OpenSSL to create a .pem file.
Note:data_engine does not consider the .pem file expiry though the automatically generated .pem file has a validity of 365 days. However, as a best practice, we recommend that you keep regenerating your .pem file based on your security requirements.
Follow these steps:
- For Windows, you can download OpenSSL from http://gnuwin32.sourceforge.net/packages/openssl.htm. Then, create a new system environment variable OPENSSL_CONF with the valueC:\Program Files (x86)\GnuWin32\share\openssl.cnf.For Linux, use appropriate package manager to install OpenSSL.
- Open the command prompt and navigate to the location where the OpenSSL executable file is available.
- Run the following command:openssl req -nodes -new -x509 -days <number of days the certificate is valid for> -out<certificate_filename>.pemNote:Ensure that your certificate filename does not include spaces.
- Enter the following information when prompted:
- Country Name (2 letter code) [AU]:
- State or Province Name (full name) [Some-State]:
- Locality Name (eg, city) :
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:
- Organizational Unit Name (eg, section) :
- Common Name (e.g. server FQDN or YOUR name) :
- Email Address :
- Copy the .pem file to the location that is accessible only to the appropriate users in your environment.You provide this location while configuring the robot.cfg file.