The certificates that Pega includes with Pega Robotic Automation expire one year after Pega generates the certificate. Because of this, best practice is to use a self-provisioned certificate that is provisioned through an internal certificate authority, or a third-party certificate authority, or to use a certificate that is self signed so you can choose the the expiration of the certificate. The following steps explain how to replace an expired Pega certificate with your self-provisioned certificate.

Locating the port

Use a Robot Runtime computer in a production environment to locate and verify the port that Robot Runtime uses to communicate with the Pega application. Bind your certificate's REST service to this port to ensure secure communications between Robot Runtime and the Pega application. The default port is 9443.

1. In a text editor, open a RuntimeConfig.xml file used in a production environment. This file is located at %appdata%\OpenSpan (for 8.0 SP1 and earlier versions).
2. In the Robotics > LocalApiService section, locate the port key. The value stored in this key is the port binding. Make a note of this value. The following is an example of a port key:

<LocalApiService enabled="true" SSL="true" port="9443" allowedOrigins="*pega.com" JWTSecurity="false" PegaServerURL="https://MyPegaServer.com/prweb"/>

Creating the script

You can create a batch or PowerShell script to make installing the certificate easier. Download and open the sample scripts from the following ZIP file:

Sample scripts for installing local Robot Runtime certificates

Customize these scripts to install the certificate. After you customize the script, run the saved script on each Robot Runtime computer that needs an updated certificate.

Customizing the batch file

1. Open the sample batch file in a text editor.
2. Replace Line 5 - ipport PortNumber with the port number that you verify in the Locating the port section above.
3. Replace Line 8 - p value with the password for the self-provisioned certificate.
4. Replace Line 8 - importpfx value with the path to the certificate.
5. Replace Line 11 - $certHash value with the certificate hash value.
6. Replace Line 11 - $port value with the port binding number.
7. Save the batch file.

The following is an excerpt from the script in the sample batch file:

Customizing the PowerShell file

1. Open the sample PowerShell file in a text editor.
2. Replace Line 5 - ipport PortNumber with the port number that you verify in the Locating the port section.
3. Replace Line 8 -  p value with the password for the self-provisioned certificate.
4. Replace Line 8 - importpfx value with the path to the certificate.
5. Replace Line 12 - $certHash value with the certificate hash value.
6. Replace Line 14 - $port value with the port binding number.
7. Save the PowerShell file.

The following is an excerpt from the script in the sample PowerShell file: