Assigning A Trusted SSL Certificate To ThinkAutomation
By default the ThinkAutomation server uses a self-signed certificate. This is used by the Studio when it connects to the ThinkAutomation server and by the local HTTP interface. This ensures communication is secure.
However, if you will be using the local API to host local web forms, or for posting API requests directly to your ThinkAutomation server (as opposed to using the public API endpoint), then you may need to assign a trusted certificate to avoid getting browser security warnings, or if the application you are using to post data to ThinkAutomation requires a trusted certificate.
You can change the SSL certificate using the ThinkAutomation Studio.
Login to the Studio and select File - Server Settings.
Note: You must use the Studio on the ThinkAutomation server computer itself.
Select the Clients tab.
Click the Select Certificate button to select an existing SSL Certificate or add a new one. You can either select an existing certificate from your machine certificate store, or select an existing PFX file. The certificate common name must match the ThinkAutomation public domain name (if you will be exposing the local HTTP interface).
Selecting An Existing Certificate
Machine Certificate Stores
Select the Machine Certificate Stores tab to select a certificate from the local machine store. The certificate must have a private key. The ThinkAutomation Server service must have access to the private key. Usually the service has access by default, however on some systems you may need to grant access. To do this:
- Run
mmc.exe - Add Certificates (Local Computer)
- Go to: Personal - Certificates
- Right-click your certificate - All Tasks - Manage Private Keys
- Add your service account (e.g.
SYSTEM) - Grant Read permission
If the ThinkAutomation Server is unable to access the certificate from the machine store (due to security limitations on your server), then you must export it to a PFX file and then use that (see below).
PFX File
Select the Certificate From PFX File tab to select a local PFX file. Provide the Password and click the Load button. Select the certificate from the list.
Once a certificate is selected, click the Assign Selected button to assign it to ThinkAutomation.
Obtaining A New Certificate
From the Select Certificate window, click the Add New Certificate button. This opens the Install Certificate window. There are two tabs:
- Step 1: Create Certificate Signing Request : This will generate a new Certificate Signing Request (CSR) that you will use when you request a new certificate with your certificate provider (eg: DigiCert). Enter the Domain Name (eg: thinkautomationapi.mycompany.com), Company, Company Division (optional), Email Address, Country, State/Province and City/Locality. This step also creates a local private key (this is saved encrypted). You must supply the Private Key Password. Click the Generate CSR button. The CSR text will be displayed. Paste this text into the CSR entry on your certificate provider form.
- Step 2: Process Received Certificate File : Your certificate provider will issue your certificate once it has verified ownership of your domain. Verification will usually require you to add a DNS TXT record to your DNS record. Your certificate will be sent usually via email as a PEM, CER or CRT file. Save the received certificate file to a location on the ThinkAutomation computer. In the Certificate File entry, select the saved file. Ensure the Domain Name and Private Key Password entries match the values used in step 1. Click the Create PFX File button. A PFX file will then be created and saved in your ThinkAutomation settings folder. This will then be assigned to ThinkAutomation.
You can close the Studio between step 1 and 2. Once the PFX file is created, the certificate file received from your provider is no longer required.