Post Installation Activities

This section provides information on how to perform various post installation activities.

This section describes how to perform certain post installation activities which are strictly dependent on the organization’s requirements.

It includes the following:

Enable Secure Communication (Changing HTTP to HTTPS)

Configuration Changes – Certificate Name Change (Type – PFX)

Configuration Changes – Certificate Name Change (for PEM/CRT/KEY Certificates)

Load Balancer Configuration

Configuration Changes - Access BigFix Runbook AI without Certificate (Type – PFX)

Configuration Changes - Access BigFix Runbook AI with Certificate (Type – PFX)

Configuration Changes - Access BigFix Runbook AI without Certificate (Type – PEM)

Configuration Changes – SaaS based Ticket Analysis

Configuration Changes – Run BASEUI and WEBAPI on same port

All the post installation activities listed above are optional.

Enable Secure Communication (Changing HTTP to HTTPS)

This section describes how to enable the secure communication by changing HTTP to HTTPS. It can be enabled for both the BigFix Runbook AI website and the deployed components.

Website Only

This section describes how to enable the secure communication by changing HTTP to HTTPS for the BigFix Runbook AI website.

Following changes are required in the underlying components to achieve the same.

Key Rotation Service (KRS)

To change the hosting of KRS from HTTP to HTTPS using the existing certificate, for e.g. 'HclTech.iautomate.Web', please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 1. Figure 23 - Hosting KRS from HTTP to HTTPS
  1. Expand Sites and click HCLiAutomateKRS.
Figure 2. Figure 24 - Hosting KRS from HTTP to HTTPS (cont.)
  1. Click on Bindings in the Edit Site section.
Figure 3. Figure 25 - Hosting KRS from HTTP to HTTPS (cont.)
Figure 4. Figure 26 - Hosting KRS from HTTP to HTTPS (cont.)
  1. Click Add New.
  2. Select Type as ‘https’. Port information gets populated automatically. Select the SSL Certificate .
  3. Click OK.
Figure 5. Figure 27 - Hosting KRS from HTTP to HTTPS (cont.)
  1. Right click HCLiAutomateKRS.
  2. Click Explore.
  3. Find Web.config file and open it in a Notepad.
Figure 6. Figure 28 - Hosting KRS from HTTP to HTTPS (cont.)
  1. Within the Web.config file, find the tag <security> and change it to <security mode= "TransportWithMessageCredential">.
Figure 7. Figure 29 - Hosting KRS from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Base User interface

To change the hosting of BaseUI from HTTP to HTTPS using the existing certificate, for e.g. 'HclTech.iautomate.Web', please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 8. Figure 30 - Hosting Base user interface from HTTP to HTTPS
  1. Expand Sites and click HCLiAutomateBaseUI.
Figure 9. Figure 31 - Hosting Base user interface from HTTP to HTTPS (cont.)
C:\Users\mishra_as\Pictures\a1.png
  1. Click on Bindings in the Edit Site section.
Figure 10. Figure 32 - Hosting Base user interface from HTTP to HTTPS (cont.)
Figure 11. Figure 33 - Hosting Base user interface from HTTP to HTTPS (cont.)
  1. Click Add.
  2. Select Type as https. Port information gets populated automatically. Select the SSL Certificate .
  3. Click OK.
Figure 12. Figure 34 - Hosting Base user interface from HTTP to HTTPS (cont.)
  1. Right-click HCLiAutomateBaseUI.
  2. Click Explore.
  3. Find Web.config file and open it in a Notepad.
Figure 13. Figure 35 - Hosting Base user interface from HTTP to HTTPS (cont.)
  1. Within the Web.config file, find the key URL and change its value from HTTP to HTTPS.
Figure 14. Figure 36 - Hosting Base user interface from HTTP to HTTPS (cont.)
  1. If the certificate is self-signed, find the key IsSelfSigned_KRS and change its value to ‘Y’. Else, the value will be ‘N’.
Figure 15. Figure 37 - Hosting Base user interface from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Web API

To change the hosting of Web API from HTTP to HTTPS using the existing certificate, for e.g. 'HclTech.iautomate.Web', please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 16. Figure 38 - Hosting Web API from HTTP to HTTPS
  1. Expand Sites and right-click HCLiAutomateWEBAPI.
  2. Click Explore.
Figure 17. Figure 39 - Hosting Web API from HTTP to HTTPS (Cont.)
C:\Users\mishra_as\Pictures\a1.png
  1. Find Web.config file and open it in a Notepad.
Figure 18. Figure 40 - Hosting Web API from HTTP to HTTPS (Cont.)
  1. Within the Web.config file, find the key ‘URL’ and change its value from HTTP to HTTPS.
Figure 19. Figure 41 - Hosting Web API from HTTP to HTTPS (Cont.)
  1. If the certificate is self-signed, find the key IsSelfSigned_KRS and change its value to ‘Y’. Else, the value will be ‘N’.
Figure 20. Figure 42 - Hosting Web API from HTTP to HTTPS (Cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Listener

To change the configuration of the Listener from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 21. Figure 43 - Hosting Listener from HTTP to HTTPS
  1. Click OK to open the Windows Services.
Figure 22. Figure 44 - Hosting Listener from HTTP to HTTPS
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click Properties.
Figure 23. Figure 45 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Copy the value mentioned in Path to executable field as shown in the image below.
Figure 24. Figure 46 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Open File Explorer , then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Listner.Service.Host config file and open it in a Notepad.
Figure 25. Figure 47 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Listner.Service.Host config file, find the key URL and change its value from HTTP to HTTPS.
Figure 26. Figure 48 - Hosting Listener from HTTP to HTTPS (cont.)
  1. If the certificate is self-signed, find the key IsSelfSigned_KRS and change its value to ‘Y’. Else, the value will be ‘N’.

  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Configuration Changes via GUI

To change the configuration of Screen from HTTP to HTTPS, please follow the below steps:

  1. Login to BigFix Runbook AI using the Super Admin credentials.
  1. Roll-over to the EnvironmentBigFix Runbook AI Configuration.
  2. Select Component Name as Web API .
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 27. Figure 49 - Changing LB IP via GUI from HTTP to HTTPS
  1. Click Update to save the changes.

Components

This section describes how to enable the secure communication by changing HTTP to HTTPS for the BigFix Runbook AI Components.

As a prerequisite, user needs to have the Thumbprint of the certificate which can be identified using the below steps:

  1. Press Win+R and type mmc.
Figure 28. Figure 50 - Identify Thumbprint of the Certificate
  1. Click OK to open the Microsoft Management Console.
Figure 29. Figure 51 - Identify Thumbprint of the Certificate (cont.)
  1. From the File menu, select Add / Remove Snap-in.
Figure 30. Figure 52 - Identify Thumbprint of the Certificate (cont.)
  1. From the Available snap-ins list, select Certificates, then click Add.
Figure 31. Figure 53 - Identify Thumbprint of the Certificate (cont.)
Add certificate snap-in
  1. Click OK.
  2. From the Certificates Snap-In window, select Computer Account and click Next.
Figure 32. Figure 54 - Identify Thumbprint of the Certificate (cont.)
  1. In the left pane, under Console Root, click Certificates (Local Computer).
  2. Click Personal folder to expand it and then click Certificates folder to expand it.
Figure 33. Figure 55 - Identify Thumbprint of the Certificate (cont.)
  1. In the list of certificates, find certificate HclTech.iautomate.Web .
  2. Double-click the certificate to open the Certificate dialog box.
  3. Scroll through the list of fields and click Thumbprint to display the value.
Figure 34. Figure 56 - Identify Thumbprint of the Certificate (cont.)
https://gwb.blob.core.windows.net/jeremymorgan/How-to-Find-Certificates-by-their-Thumbprint_189982/powershell-cert-2_-935553088.jpg

Following changes are required in the underlying components:

Listener

To change the configuration of Listener from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 35. Figure 57 - Hosting Listener from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 36. Figure 58 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click Properties.
Figure 37. Figure 59 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 38. Figure 60 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Listner.Service.Host config file and open it in a Notepad.
Figure 39. Figure 61 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Listner.Service.Host config file, find the key URL and change its value from HTTP to HTTPS
Figure 40. Figure 62 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Listner.Service.Host config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 41. Figure 63 - Hosting Listener from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={fa605232-f580-4d28-895e-3e021ffed82d} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.Listener service and click Restart to restart the service.
Figure 42. Figure 64 - Hosting Listener from HTTP to HTTPS (cont.)

Data Collector

To change the configuration of Data Collector from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 43. Figure 65 - Hosting Data Collector from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 44. Figure 66 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Search for HCL.iAutomate.DC service and right-click on it.
  2. Click Properties.
Figure 45. Figure 67 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Copy the value mentioned in ‘Path to executable ’ as shown in the image below.
Figure 46. Figure 68 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.DataCollector.Service.Host.exe config file and open it in a Notepad.
Figure 47. Figure 69 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.DataCollector.Service.Host.exe config file, find the key ‘ServiceHostURL’ and change its value from HTTP to HTTPS.
Figure 48. Figure 70 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.DataCollector.Service.Host.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 49. Figure 71 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.DataCollector.Service.Host.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 50. Figure 72 - Hosting Data Collector from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={dcd67c7b-c67a-4956-b4cc-6545ace1d2e9} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.DC service and click Restart to restart the service.
Figure 51. Figure 73 - Hosting Data Collector from HTTP to HTTPS (cont.)

Generic Service

To change the configuration of Generic Service from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 52. Figure 74 - Hosting Generic Service from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 53. Figure 75 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Search for HCL.iAutomate.GenericExecutor service and right-click on it.
  2. Click Properties.
Figure 54. Figure 76 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 55. Figure 77 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Open File Explorer and then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Generic.Host.exe config file and open it in a Notepad.
Figure 56. Figure 78 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Generic.Host.exe config file, find the key ‘iAutomate.Generic.ServiceHostURL’’ and change its value from HTTP to HTTPS.
Figure 57. Figure 79-Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Generic.Host.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 58. Figure 80 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Generic.Host.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 59. Figure 81 - Hosting Generic Service from HTTP to HTTPS (Cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={c60c3690-7b58-4c68-8590-e2fd061edd23} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.GenericExecutor service and click Restart to restart the service.
Figure 60. Figure 82 - Hosting Generic Service from HTTP to HTTPS (Cont.)

RBA Component

To change the configuration of RBA Component from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 61. Figure 83 - Hosting RBA Component from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 62. Figure 84 - Hosting RBA Component from HTTP to HTTPS
  1. Search for HCL.iAutomate.RBAComponent service and right-click on it.
  2. Click Properties.
Figure 63. Figure 85 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 64. Figure 86 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Open File Explorer and then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.RbaService.Component.Host.exe config file and open it in a Notepad.
Figure 65. Figure 87 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Within the HCL.RbaService.Component.Host.exe config file, find the key ‘ServiceHostURL’ and change its value from HTTP to HTTPS.
Figure 66. Figure 88 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Within the HCL.RbaService.Component.Host.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 67. Figure 89 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Within the HCL.RbaService.Component.Host.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 68. Figure 90 - Hosting RBA Component from HTTP to HTTPS (Cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={11f43d84-3d5c-47cf-b29e-0dd38c0e8f85} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.RBAComponent service and click Restart to restart the service.
Figure 69. Figure 91 - Hosting RBA Component from HTTP to HTTPS (Cont.)

Release Service

To change the configuration of Release Service from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 70. Figure 92 - Hosting Release Service from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 71. Figure 93 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Search for HCL.iAutomate.ReleaseService service and right-click on it.
  2. Click on Properties.
Figure 72. Figure 94 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 73. Figure 95 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Open File Explorer, then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Release.Host.exe config file and open it in a Notepad.
Figure 74. Figure 96 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Release.Host.exe config file, find the key ‘iAutomate.Release.ServiceHostURL’ and change its value from HTTP to HTTPS.
Figure 75. Figure 97 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Release.Host.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 76. Figure 98 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Within the HCL.iAutomate.Release.Host.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 77. Figure 99 - Hosting Release Service from HTTP to HTTPS (Cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={d32cb30c-7e1a-4549-a2e2-32bf01a1d345} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.ReleaseService service and click Restart to restart the service.
Figure 78. Figure 100 - Hosting Release Service from HTTP to HTTPS (Cont.)

AD Sync

To change the configuration of AD Sync from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 79. Figure 101 - Hosting AD Sync from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 80. Figure 102 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Search for HCL.iAutomate.ADSyncService and right-click on it.
  2. Click Properties.
Figure 81. Figure 103 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Copy the value mentioned in ‘Path to executable ’ as shown in the image below.
Figure 82. Figure 104 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Service.AD.exe config file and open it in a Notepad.
Figure 83. Figure 105 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Service.AD.exe config file, find the key ‘ServiceHostURL’ and change its value from HTTP to HTTPS.
Figure 84. Figure 106 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Service.AD.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 85. Figure 107 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.Service.AD.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 86. Figure 108 - Hosting AD Sync from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command:

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={8c00e29d-1a3e-439b-a449-7e26b64b9d27} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.ADSyncService service and click Restart to restart the service.
Figure 87. Figure 109 - Hosting AD Sync from HTTP to HTTPS (cont.)

Email Service

To change the configuration of Email Service from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 88. Figure 110 - Hosting Email Service from HTTP to HTTPS
  1. Click OK to open Windows Services.
Figure 89. Figure 111 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Search for HCL.iAutomate.EmailService and right-click on it.
  2. Click Properties.
Figure 90. Figure 112 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Copy the value mentioned in ‘Path to executable ’ as shown in the image below.
Figure 91. Figure 113 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.EmailService.Service.Host.exe config file and open it in a Notepad.
Figure 92. Figure 114 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.EmailService.Service.Host.exe config file, find the key ‘ServiceHostURL’ and change its value from HTTP to HTTPS.
Figure 93. Figure 115 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.EmailService.Service.Host.exe config file, find the key ‘securityMode_Service’ and change its value from 2 to 3.
Figure 94. Figure 116 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Within the HCL.iAutomate.EmailService.Service.Host.exe config file, find the key ‘IsSelfSigned_Service’ and change its value from N to Y.
Figure 95. Figure 117 - Hosting Email Service from HTTP to HTTPS (cont.)
  1. Save the file for changes to be reflected.
  2. Open the command prompt as administrator and run the following command.

netsh http add sslcert ipport=<ip>:<port on which service is running> appid={21fa9088-0c69-479e-8fdc-a81eb836e264} certhash="<Thumbprint of the certificate>"

Replace the < Thumbprint of the certificate> with the GUID identified earlier.

  1. Select HCL.iAutomate.EmailService service and click Restart to restart the service.
Figure 96. Figure 118 – Hosting Email Service from HTTP to HTTPS (cont.)

Configuration Changes via GUI

To change the configuration for various components via GUI from HTTP to HTTPS, please follow the below steps:

  1. Login to BigFix Runbook AI using the Super Admin credentials.
  1. Roll-over to the Environment and click BigFix Runbook AI Configuration.
  2. Select Component Name as Web API.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 97. Figure 119 - Configuration Changes via GUI from HTTP to HTTPS
  1. Click Update to save the changes.
  2. Select Component Name as Data Collector.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 98. Figure 120 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.
  2. Select Component Name as ‘Generic Service’.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 99. Figure 121 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.
  2. Select Component Name as ‘Release Service’.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 100. Figure 122 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.
  2. Select Component Name as ‘RBA Service’.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 101. Figure 123 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.
  2. Select Component Name as ‘Active Directory’.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 102. Figure 124 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.
  2. Select Component Name as ‘Email Service’.
  3. Change the Load Balancer URL from HTTP to HTTPS.
Figure 103. Figure 125 - Configuration Changes via GUI from HTTP to HTTPS (Cont.)
  1. Click Update to save the changes.

Configuration Changes – Certificate Name Change (Type – PFX)

This section describes how to make the configurational changes if the SSL certificate name (Type - PFX) is other than ‘HCL.iAutomate’.

Please install the certificate through the Microsoft Management Console in both Personal as well as Trusted People folder. Refer to the pre-requisites document for the detailed procedure for certificate installation at required locations.

Change name of Certificate used to connect KRS

Website

This section describes configuration changes required for the Website in case SSL certificate is other than HCL.iAutomate .

Following changes are required in the underlying components.

Key Rotation Service (KRS)

To make changes for the KRS, please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 104. Figure 126 - Certificate Name Change – KRS
  1. Expand Sites and click HCLiAutomateKRS.
Figure 105. Figure 127 - Certificate Name Change – KRS (Cont.)
  1. Right click HCLiAutomateKRS.
  2. Click Explore.
  3. Find Web.config file and open it in a Notepad.
Figure 106. Figure 128 - Certificate Name Change – KRS (Cont.)
  1. Within the Web.config file, find the tag <serviceCertificate> and change the value of attribute ‘findValue’ with the updated Certificate Name.
Figure 107. Figure 129 - Certificate Name Change – KRS (Cont.)
image
  1. If the certificate is self-signed, find the key ‘IsSelfSigned’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 108. Figure 130 - Certificate Name Change – KRS (Cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Base User interface

To make changes for the BaseUI, please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 109. Figure 131 - Certificate Name Change – BaseUI
  1. Expand Sites and click HCLiAutomateBaseUI.
Figure 110. Figure 132 - Certificate Name Change – BaseUI (Cont.)
C:\Users\mishra_as\Pictures\a1.png
  1. Right-click HCLiAutomateBaseUI and click Explore.
  2. Find Web.config file and open it in a Notepad.
Figure 111. Figure 133 - Certificate Name Change – BaseUI (Cont.)
  1. Within the Web.config file, find the key ‘Certificate_Name_KRS’ and change its value with the new Certificate Name.
Figure 112. Figure 134 - Certificate Name Change – BaseUI (Cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 113. Figure 135 - Certificate Name Change – BaseUI (Cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Web API

To make changes for the Web API, please follow the below steps:

  1. Press Win+R and type inetmgr.
  1. Click OK to open IIS.
Figure 114. Figure 136 - Certificate Name Change – Web API
  1. Expand Sites and right-click HCLiAutomateWEBAPI.
  2. Click Explore.
Figure 115. Figure 137 - Certificate Name Change – Web API (cont.)
C:\Users\mishra_as\Pictures\a1.png
  1. Find Web.config file and open it in Notepad.
Figure 116. Figure 138 - Certificate Name Change – Web API (cont.)
  1. Within the Web.config file, find the key ‘Certificate_Name_KRS’ and change its value with the new Certificate Name.
Figure 117. Figure 139 - Certificate Name Change – Web API (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 118. Figure 140 - Certificate Name Change – Web API
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Components

This section describes the configuration changes required for the Components in case the SSL Certificate name is other than HCL.iAutomate .

Following changes are required in the underlying components:

Listener

To make changes for the Listener, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 119. Figure 141 - Certificate Name Change – Listener
  1. Click OK to open Windows Services.
Figure 120. Figure 142 - Certificate Name Change – Listener (cont.)
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click Properties.
Figure 121. Figure 143 - Certificate Name Change – Listener (cont.)
  1. Copy the value in Path to executable as shown in the image below.
Figure 122. Figure 144 - Certificate Name Change – Listener (cont.)
  1. Open File Explorer then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Listner.Service.Host config file and open it in a Notepad.
Figure 123. Figure 145 - Certificate Name Change – Listener (cont.)
  1. Within the HCL.iAutomate.Listner.Service.Host config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 124. Figure 146 - Certificate Name Change – Listener (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 125. Figure 147- Certificate Name Change – Listener (cont.)
  1. Save the file for changes to be reflected.
  2. Select the service and click Restart to restart the services.

Data Collector

To make changes for the Data Collector, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 126. Figure 148 - Certificate Name Change – Data Collector
  1. Click OK to open Windows Services.
Figure 127. Figure 149 - Certificate Name Change – Data Collector (Cont.)
  1. Search for HCL.iAutomate.DC service and right-click on it .
  2. Click on Properties.
Figure 128. Figure 150 - Certificate Name Change – Data Collector (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 129. Figure 151 - Certificate Name Change – Data Collector (Cont.)
  1. Open File Explorer, then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.DataCollector.Service.Host.exe config file and open it in a Notepad.
Figure 130. Figure 152 - Certificate Name Change – Data Collector (Cont.)
  1. Within the HCL.iAutomate.DataCollector.Service.Host.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 131. Figure 153 - Certificate Name Change – Data Collector (Cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’..
Figure 132. Figure 154 - Certificate Name Change – Data Collector (Cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.DC service and click Restart to restart the service.
Figure 133. Figure 155 - Certificate Name Change – Data Collector (Cont.)

Generic Service

To make changes for the Generic Service, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 134. Figure 156 - Certificate Name Change – Generic Service
  1. Click OK to open Windows Services.
Figure 135. Figure 157 - Certificate Name Change – Generic Service (cont.)
  1. Search for HCL.iAutomate.GenericExecutor service and right-click on it.
  2. Click on Properties.
Figure 136. Figure 158 - Certificate Name Change – Generic Service (cont.)
  1. Copy the value in Path to executable as shown in the image below.
Figure 137. Figure 159 - Certificate Name Change – Generic Service (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Generic.Host.exe config file and open it in a Notepad.
Figure 138. Figure 160- Certificate Name Change – Generic Service (cont.)
  1. Within the HCL.iAutomate.Generic.Host.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 139. Figure 161 - Certificate Name Change – Generic Service (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 140. Figure 162 - Certificate Name Change – Generic Service (cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.GenericExecutor service and click Restart to restart the service.
Figure 141. Figure 163- Certificate Name Change – Generic Service (cont.)

RBA Component

To make changes for the RBA component, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 142. Figure 164 - Certificate Name Change – RBA Component
  1. Click OK to open Windows Services.
Figure 143. Figure 165 - Certificate Name Change – RBA Component (cont.)
  1. Search for HCL.iAutomate.RBAComponent service and right-click on it.
  2. Click Properties.
Figure 144. Figure 166 - Certificate Name Change – RBA Component (cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 145. Figure 167 - Certificate Name Change – RBA Component (cont.)
  1. Open File Explorer , then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.RbaService.Component.Host.exe config file and open it in a Notepad.
Figure 146. Figure 168 - Certificate Name Change – RBA Component (cont.)
  1. Within the HCL.RbaService.Component.Host.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 147. Figure 169 - Certificate Name Change – RBA Component (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 148. Figure 170 - Certificate Name Change – RBA Component (cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.RBAComponent service and click Restart to restart the service.
Figure 149. Figure 171 - Certificate Name Change – RBA Component (cont.)

Release Service

To make changes for the Release Service, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 150. Figure 172 - Certificate Name Change – Release Service
  1. Click OK to open Windows Services.
Figure 151. Figure 173 - Certificate Name Change – Release Service (cont.)
  1. Search for HCL.iAutomate.ReleaseService and right-click on it.
  2. Click Properties.
Figure 152. Figure 174 - Certificate Name Change – Release Service (cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 153. Figure 175 - Certificate Name Change – Release Service (cont.)
  1. Open File Explorer , then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Release.Host.exe config file and open it in a Notepad.
Figure 154. Figure 176 - Certificate Name Change – Release Service (cont.)
  1. Within the HCL.iAutomate.Release.Host.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 155. Figure 177 - Certificate Name Change – Release Service (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 156. Figure 178 - Certificate Name Change – Release Service (cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.ReleaseService service and click Restart to restart the service.
Figure 157. Figure 179 - Certificate Name Change – Release Service (cont.)

AD Sync

To change the configuration of AD Sync from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 158. Figure 180 - Certificate Name Change – AD Sync Service
  1. Click OK to open Windows Services.
Figure 159. Figure 181 - Certificate Name Change – AD Sync Service (cont.)
  1. Search for HCL.iAutomate.ADSyncService and right-click on it.
  2. Click Properties.
Figure 160. Figure 182 - Certificate Name Change – AD Sync Service (cont.)
  1. Copy the value mentioned in ‘Path to executable ’ as shown in the image below.
Figure 161. Figure 183 - Certificate Name Change – AD Sync Service (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Service.AD.exe config file and open it in a Notepad.
Figure 162. Figure 184 - Certificate Name Change – AD Sync Service (cont.)
  1. Within the HCL.iAutomate.Service.AD.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 163. Figure 185 - Certificate Name Change – AD Sync Service (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 164. Figure 186 - Certificate Name Change – AD Sync Service (cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.ADSyncService service and click Restart to restart the service.
Figure 165. Figure 187 - Certificate Name Change – AD Sync Service (cont.)

Email Service

To change the configuration of Email Service from HTTP to HTTPS, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 166. Figure 188 - Certificate Name Change – Email Service
  1. Click OK to open Windows Services.
Figure 167. Figure 189 - Certificate Name Change – Email Service (cont.)
  1. Search for HCL.iAutomate.EmailService and right-click on it.
  2. Click Properties.
Figure 168. Figure 190 - Certificate Name Change – Email Service (cont.)
  1. Copy the value mentioned in ‘Path to executable ’ as shown in the image below.
Figure 169. Figure 191 - Certificate Name Change – Email Service (cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.EmailService.Service.Host.exe config file and open it in a Notepad.
Figure 170. Figure 192 - Certificate Name Change – Email Service (cont.)
  1. Within the HCL.iAutomate.EmailService.Service.Host.exe config file, find the key ‘CertificateName_KRS’ and change its value with the new Certificate Name.
Figure 171. Figure 193 - Certificate Name Change – AD Sync Service (cont.)
  1. If the certificate is self-signed, find the key ‘IsSelfSigned_KRS’ and change its value to ‘Y’. Else the value will be ‘N’.
Figure 172. Figure 194 - Certificate Name Change – Email Service (cont.)
  1. Save the file for changes to be reflected.
  2. Select HCL.iAutomate.EmailService service and click Restart to restart the service.
Figure 173. Figure 195 – Certificate Name Change – Email Service (cont.)

iRecommend

To make changes for iRecommend service, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 174. Figure 196 - Certificate Name Change – iRecommend
  1. Click OK to open Windows Services.
Figure 175. Figure 197 - Certificate Name Change – iRecommend (Cont.)
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click on Properties.
Figure 176. Figure 198 - Certificate Name Change – iRecommend (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 177. Figure 199 - Certificate Name Change – iRecommend (Cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Go to iRecommend folder. Locate irecommend.config file.
  3. Open irecommend.config in a Notepad and search for below line.
Figure 178. Figure 200 - Certificate Name Change – iRecommend (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file to implement the changes.
  3. Go to iRecommendconfig folder.
  4. Locate entity.config file.
  5. Open entity.config in a Notepad and search for below line.
Figure 179. Figure 201 - Certificate Name Change – iRecommend (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file for changes to get reflected.

iParse

To make changes for iParse service, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 180. Figure 202 - Certificate Name Change – iParse
  1. Click OK to open Windows Services.
Figure 181. Figure 203 - Certificate Name Change – iParse (Cont.)
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click on Properties.
Figure 182. Figure 204 - Certificate Name Change – iParse (Cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 183. Figure 205 - Certificate Name Change – iParse (Cont.)
  1. Open File Explorer and paste the copied path and press Enter to open the desired folder.
  2. Go to \iParse\IParse\iparse\config folder.
  3. Locate parse_config.config file.
  4. Open parse_config.config in a Notepad and search for below line.
Figure 184. Figure 206 - Certificate Name Change – iParse (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file to implement the changes.

iScrape

To make changes for iScrape service, please follow the below steps:

  1. Go to the folder where user has installed knowledge components.
  1. Go to \iScript\IScript\iScript\config folder.
  2. Locate iScrape.cfg file.
  3. Open iScrape.cfg in a Notepad and search for below line.
Figure 185. Figure 207 - Certificate Name Change – iScrape
  1. Change Certificate_Name and value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file to implement the changes.

iUnique

To make changes for iUnique service, please follow the below steps:

  1. Press Win+R and type services.msc.
Figure 186. Figure 208 - Certificate Name Change – iUnique
  1. Click OK to open Windows Services.
Figure 187. Figure 209 - Certificate Name Change – iUnique
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click on Properties.
Figure 188. Figure 210 - Certificate Name Change – iUnique
  1. Copy the value in ‘Path to executable ’ as shown in the image below.
Figure 189. Figure 211 - Certificate Name Change – iUnique
  1. Open File Explorer , then paste the copied path and press Enter to open the desired folder.
  2. Go to \iUnique\IUnique\iUnique_final\config folder.
  3. Locate iUnique.cfg file.
  4. Open iUnique.cfg in Notepad and search for below line.
Figure 190. Figure 212 - Certificate Name Change – iUnique
  1. Change Certificate_Name and the value from HclTech.iAutomate.Web to the new Certificate Name.
  2. Save the file to implement the changes.

Knowledge

To make changes for Knowledge service, please follow the below steps:

  1. Go to the folder where user has installed knowledge components.
  1. Go to \KnowledgeRating\KnowledgeRating\iKnowledge_Rating folder.
  2. Locate rating.cfg file.
  3. Open rating.cfg in a Notepad and search for below line.
Figure 191. Figure 213 - Certificate Name Change – Knowledge
  1. Change Certificate_Name and the value from HclTech.iautomate.web to the new Certificate name.
  2. Save the file for changes to get reflected.
  3. Go to the folder where user has installed knowledge components.
  4. Go to \ AdvanceKnowledge\Crawler\crawler_v5\config folder. Locate icrawler.cfg file.
  5. Open indexer.cfg in a Notepad and search for below line.
Figure 192. Figure 214 - Certificate Name Change – Knowledge (Cont.)
  1. Change Certificate_Name and their value from HclTech.iautomate.web to the new Certificate name.
  2. Save the file for changes to get reflected.
  3. Go to the folder where user has installed knowledge components.
  4. Go to \ AdvanceKnowledge\iKnowledge_Indexer folder. Locate indexer.cfg file.
  5. Open indexer.cfg in a Notepad and search for below line.
Figure 193. Figure 215 - Certificate Name Change – Knowledge (Cont.)
  1. Change Certificate_Name and their value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file for changes to get reflected.
  3. Go to the folder where user has installed knowledge components.
  4. Go to AdvanceKnowledge\iKnowledge_Screen folder.
  5. Locate iKnowledge_Screen.cfg file.
  6. Open iKnowledge_Screen.cfg in a Notepad and search for below line.
Figure 194. Figure 216 - Certificate Name Change – Knowledge (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file for changes to get reflected.
  3. Go to the folder where user has installed knowledge components.
  4. Go to \AdvanceKnowledge\iKnowledge_Search folder.
  5. Locate iKnowledge_Search file.
  6. Open iKnowledge_Search in a Notepad and search for below line.
Figure 195. Figure 217 - Certificate Name Change – Knowledge (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file for changes to get reflected.
  3. Go to the folder where user has installed knowledge components.
  4. Go to iKnowledge\iKnowledge\knowledge_v4 folder.
  5. Locate iKnowledge.cfg file.
  6. Open iKnowledge.cfg in a Notepad and search for below line.
Figure 196. Figure 218 - Certificate Name Change – Knowledge (Cont.)
  1. Change Certificate_Name and the value from HclTech.iautomate.Web to the new Certificate name.
  2. Save the file to implement the changes.

CHANGE NAME OF CERTIFICATE USED TO CONNECT SERVICES

This section describes configuration changes required for the components in case ssl certificate is other than HclTech.iautomate.App.

Follow all steps mentioned in section “change name of certificate used to connect KRS” with below changes:

Search for key “CertificateName_Service” instead ‘CertificateName_KRS’.

Search for key ‘IsSelfSigned_Service’ instead ‘IsSelfSigned_KRS’.

For below components:

Base User Interface, Listener, Data Collector, Generic Service, RBA Component, Release Service, Email Service, Ad Sync

For BASEUI and Listener follow below steps:

Search for “<dns value="HclTech.iautomate.App" />” in web.config and change with New Certificate.

Configuration Changes – Certificate Name Change for PEM/CRT/KEY Certificates

If the Certificate that is used for connecting the REST API hosted by Apache gets changed (PEM/CRT/KEY), user needs to change some parameters (params) in the httpd.conf file in apache directory: /Apache24/conf/httpd.conf.

The parameters define the path of the certificates that are used along with certificate names.

For instance, suppose the certificate changes from server.crt to server1.crt then, by default, they are set to default location as “C:/Program Files/certificate/server.crt”, which needs to be changed to new file name of certificates as “C:/Program Files/certificate/server1.crt”.

Figure 197. Figure 219 - Certificate Name Change (PEM / CRT / Key Certificate)

Load Balancer Configuration

This section describes the steps for making the required configurational changes if, BigFix Runbook AI is installed in High Availability mode.

To make the configuration changes, please follow the below steps:

  1. Press Win+R and type services.msc.
  1. Click OK to open IIS.
Figure 198. Figure 220 - Load Balancer Configuration
  1. Expand Sites under Connections and click HCLiAutomateBaseUI.

C:\Users\mishra_as\Pictures\a1.png

Figure 221 - Load Balancer Configuration (cont.)

  1. Click on Bindings in the Edit Site section.
Figure 199. Figure 222 - Load Balancer Configuration (cont.)
Figure 200. Figure 223 - Load Balancer Configuration (cont.)
  1. Ensure that the value of Port mentioned is same as configured in Load Balancer. If that is not the case, click Edit to change the Port value.
  2. Right-click on HCLiAutomateBaseUI and click Explore.
  3. Find Web.config file and open it in a Notepad.
Figure 201. Figure 224 - Load Balancer Configuration (cont.)
  1. Within the Web.config file, search for the key ‘URL’ and replace the ‘localhost:portnumber’ with the Load balancer IP and Web API Port.
Figure 202. Figure 225 - Load Balancer Configuration (cont.)
  1. Save the file to implement the changes.
  2. Select the service and click Restart to restart the services.
  3. Expand Sites in Connections section and click HCLiAutomateWEBAPI.
Figure 203. Figure 226 - Load Balancer Configuration (cont.)
C:\Users\mishra_as\Pictures\a1.png
Figure 204. Figure 227 - Load Balancer Configuration (cont.)
  1. Right-click on HCLiAutomateWEBAPI and click Explore.
  2. Find Web.config file and open it in a Notepad.
Figure 205. Figure 228 - Load Balancer Configuration (cont.)
  1. Within the Web.config file, search for the key ‘URL’ and replace the ‘localhost:portnumber’ with the Load balancer IP and Web API Port.
Figure 206. Figure 229 - Load Balancer Configuration (cont.)
  1. Save the file to implement the changes.
  2. Select the service and click Restart to restart the services.
  3. Press Win+R and type services.msc.
Figure 207. Figure 230 - Load Balancer Configuration (cont.)
  1. Click OK to open Windows Services.
Figure 208. Figure 231 - Load Balancer Configuration (cont.)
  1. Search for HCL.iAutomate.Listener service and right-click on it.
  2. Click Properties.
Figure 209. Figure 232 - Load Balancer Configuration (cont.)
  1. Copy the value mentioned in Path to executable as shown in the image below.
Figure 210. Figure 233 - Load Balancer Configuration (cont.)
  1. Open File Explorer , then paste the copied path and press Enter to open the desired folder.
  2. Search for HCL.iAutomate.Listner.Service.Host config file and open it in a Notepad.
Figure 211. Figure 234 - Load Balancer Configuration (cont.)
  1. Within the HCL.iAutomate.Listner.Service.Host config file, search for the key ‘URL’ and replace the ‘localhost:portnumber’ with the Load balancer IP and Web API Port.
Figure 212. Figure 235 - Load Balancer Configuration (cont.)
  1. Save the file to implement the changes.
  2. Select the service and click Restart to restart the services.

Repeat the steps mentioned above on all the load balanced servers.

  1. Login to BigFix Runbook AI using the Super Admin credentials.
  2. Roll-over Environment and click BigFix Runbook AI Configuration.
  3. Select Component Name as ‘Web API’. Change the Load Balancer URL to the Load Balancer IP.
Figure 213. Figure 236 - Load Balancer Configuration (cont.)
  1. Click Update to save the changes.
  2. Above step must be repeated for all the components. Additionally, for the Component Name ‘iRecommend’, provide the path of the shared drive location in the ‘iRecommend Model Location’ field.
Figure 214. Figure 237 - Load Balancer Configuration (cont.)
  1. Click Update to save the changes.
  2. Additionally, for the Component Name Entity Model, provide the path of the shared drive location in the EntityModel Model Location field.
Figure 215. Figure 238 - Load Balancer Configuration (cont.)
  1. Click Update to save the changes.
  2. Additionally, for the Component Name given as Crawler, provide the path of the shared drive location in the Data Directory Location field.
Figure 216. Figure 239 - Load Balancer Configuration (cont.)
  1. Click Update to save the changes.

Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX)

This section describes the steps for making the required configurational changes to enable access to BigFix Runbook AI when PFX certificate is not available.

To make the configuration changes, please follow the below steps:

Without Certificate used to connect KRS

WCF Services:

  1. When no certificate is present in Personal and Trusted folder, following error will occur while loading the KRS wsdl ( <IP address:port>/KRS/KeyManagement.svc )
Figure 217. Figure 240 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\1.Certi.JPG
  1. Go to <BigFix Runbook AI Installer path>.
Figure 218. Figure 241 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Go to Path <BigFix Runbook AI Installer path>\KRS.
  2. Open Web.config file.
  3. Add mode=” None” in <security> tag
  4. Change clientCredentialType="None" in <serviceCredentials> tag.
  5. Comment the <serviceCertificate> tag in <serviceCredentials>.
Figure 219. Figure 242 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\2.2.KRS-config.JPG
  1. Go to Path < BigFix Runbook AI Installer path>\ WebAPI
  2. Open Web.config file.
  3. Set key “enableCertificate_KRS” value to “N”.

Figure 243 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)

  1. Go to Path < BigFix Runbook AI Installer path>\Listener…\Listener
  2. Open HCL.iAutomate.Listener.Service.Host.exe config file.
  3. Set “enableCertificate_KRS” key to “N”
Figure 220. Figure 244 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\BaseUI…\BaseUI
  2. Open Web.config file.
  3. Set “enableCertificate_KRS” key to “N”.
Figure 221. Figure 245 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\DataCollection…\DataCollection folder location
  2. Open HCL.iAutomate.DataCollector.Service.Host.exe config file.
  3. Set “enableCertificate_KRS” key to “N”.
Figure 222. Figure 246 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Follow the last 3 mentioned steps to make the configurational changes required for AD Sync, Email Service, Generic Service, RBA service and Release Service

AI Services:

  1. Go to Path < BigFix Runbook AI Installer path>\iRecommend…\
  1. Open IRECOMMEND.CFG file.
  2. Replace value of “enableCertificate” with “N”.
Figure 223. Figure 247 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\6.1.iRecommend.JPG
  1. Open entity.cfg file in entity folder in same location and replace value of “enableCertificate” with “N”
Figure 224. Figure 248 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\7.iParse.JPG
  1. Go to Path < BigFix Runbook AI Installer path>\iParse…\IParse\iparse\config
  2. Open Parse_data.cfg file.
  3. Replace value of “enableCertificate” with “N
Figure 225. Figure 249 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\7.iParse.JPG
  1. Go to Path < BigFix Runbook AI Installer path>\iUnique…\IUnique\iUnique_final\config
  2. Open iUnique.cfg file.
  3. Replace “enableCertificate” with “N
Figure 226. Figure 250 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\8.iUnique.JPG
  1. Go to < BigFix Runbook AI Installer path>\iScript…\IScript\iScript\config
  2. Open iScrape.cfg file.
  3. Replace “enableCertificate” with “N
Figure 227. Figure 251 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\9.iScript.JPG
  1. Go to < BigFix Runbook AI Installer path>\AdvanceKnowledge\Crawler\crawler_v5\config
  2. Open iCrawler.cfg file.
  3. Replace “enableCertificate” with “N
  4. Go to < BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Indexer
  5. Open INDEXER.cfg file.
  6. Replace “enableCertificate” with “N
  7. Go to < BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Screen
  8. Open IKNOWLEDGE_SCREEN.cfg file.
  9. Replace “enableCertificate” with “N
  10. Go to < BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Search
  11. Open IKNOWLEDGE_SEARCH.cfg file.
  12. Replace “enableCertificate” with “N
  13. Go to < BigFix Runbook AI Installer path>\ KnowledgeRating …\ iKnowledge_Rating
  14. Open rating.cfg file.
  15. Replace “enableCertificate” with “N
  16. Go to < BigFix Runbook AI Installer path>\ iKnowledge \ iKnowledge \ knowledge_v4
  17. Open iknowledge.cfg file.
  18. Replace “enableCertificate” with “N

Without Certificate used to connect Services

WCF Services:

  1. Go to < BigFix Runbook AI Installer path>.
Figure 228. Figure 252  Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\Folders.JPG
  1. Go to Path < BigFix Runbook AI Installer path>\BaseUI…\BaseUI
  2. Open Web.config file.
  3. Replace value of “enableCertificate_Service” key to “N”.
Figure 229. Figure 253 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Change mode=”None” and clientCertificateType=”None”.
  2. Go to Path < BigFix Runbook AI Installer path>\Listener…\Listener
  3. Open HCL.iAutomate.Listener.Service.Host.exe config file.
  4. Replace value of “enableCertificate_Service” key to “N”.
Figure 230. Figure 254 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Change mode=”None” and clientCertificateType=”None”.
  2. Go to Path < BigFix Runbook AI Installer path>\DataCollection…\DataCollection folder location
  3. Open HCL.iAutomate.DataCollector.Service.Host.exe config file.
  4. Replace value of “enableCertificate_Service” key to “N”.
Figure 231. Figure 255 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
A picture containing text Description automatically generated
  1. Follow the last 3 mentioned steps to make the configurational changes required for AD Sync, Email Service, Generic Service, RBA service and Release Service

Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX)

This section describes the steps for making the required configurational changes to enable access to BigFix Runbook AI when PFX certificate is available. By default, BigFix Runbook AI will install with Certificate.

To make the configuration changes, please follow the below steps:

With Certificate used to connect KRS

WCF Services:

  1. Go to < BigFix Runbook AI Installed path>.
Figure 232. Figure 256 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\KRS.
  2. Open Web.config file.
  3. Add mode=” Message” in <security> tag.
  4. Change clientCredentialType="Certificate" in <message> tag.
Figure 233. Figure 257 Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Change certificateValidationMode="PeerTrust" in <serviceCredentials> tag.
Figure 234. Figure 258 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Uncomment the <serviceCertificate> tag, if commented.
  2. Go to Path < BigFix Runbook AI Installer path>\ WebAPI
  3. Open Web.config file.
  4. Set key “enableCertificate_KRS” value to “Y”.
Figure 235. Figure 259 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\Listener…\Listener
  2. Open HCL.iAutomate.Listener.Service.Host.exe config file.
  3. Set “enableCertificate_KRS” key to “Y”.
Figure 236. Figure 260 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\BaseUI…\BaseUI
  2. Open Web.config file.
  3. Set “enableCertificate_KRS” key to “Y”.
Figure 237. Figure 261 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
  1. Go to Path < BigFix Runbook AI Installer path>\DataCollection…\DataCollection folder location
  2. Open HCL.iAutomate.DataCollector.Service.Host.exe config file.
  3. Replace value of “enableCertificate_KRS” key to “Y”.
Figure 238. Figure 262 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PFX) (cont.)
  1. Follow the last 3 mentioned steps to make the configurational changes required for AD Sync, Email Service, Generic Service, RBA service and Release Service

AI Services

  1. Go to Path < BigFix Runbook AI Installer path>\iRecommend…\
  1. Open IRECOMMEND.CFG file.
  2. Replace value of “enableCertificate” with “Y”.
  3. Open entity.cfg file in entity folder in same location and replace value of “enableCertificate” with “Y”
  4. Go to Path < BigFix Runbook AI Installer path>\iParse…\IParse\iparse\config
  5. Open Parse_data.cfg file.
  6. Replace value of “enableCertificate” with “Y
  7. Go to Path < BigFix Runbook AI Installer path>\iUnique…\IUnique\iUnique_final\config
  8. Open iUnique.cfg file.
  9. Replace “enableCertificate” with “Y
  10. Go to <BigFix Runbook AI Installer path>\iScript…\IScript\iScript\config
  11. Open iScrape.cfg file.
  12. Replace “enableCertificate” with “Y
  13. Go to <BigFix Runbook AI Installer path>\AdvanceKnowledge\Crawler\crawler_v5\config
  14. Open iCrawler.cfg file.
  15. Replace “enableCertificate” with “Y
  16. Go to < BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Indexer
  17. Open INDEXER.cfg file.
  18. Replace “enableCertificate” with “Y
  19. Go to < BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Screen
  20. Open IKNOWLEDGE_SCREEN.cfg file.
  21. Replace “enableCertificate” with “Y
  22. Go to <BigFix Runbook AI Installer path>\ AdvanceKnowledge\ iKnowledge_Search
  23. Open IKNOWLEDGE_SEARCH.cfg file.
  24. Replace “enableCertificate” with “Y
  25. Go to <BigFix Runbook AI Installer path>\ KnowledgeRating …\ iKnowledge_Rating
  26. Open rating.cfg file.
  27. Replace “enableCertificate” with “Y
  28. Go to <BigFix Runbook AI Installer path>\ iKnowledge \ iKnowledge \ knowledge_v4
  29. Open iknowledge.cfg file.
  30. Replace “enableCertificate” with “Y

With Certificate used to connect Services

WCF Services:

  1. Go to <BigFix Runbook AI Installed path>.
Figure 239. Figure 263 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\Folders.JPG
  1. Go to Path <BigFix Runbook AI Installer path>\BaseUI…\BaseUI
  2. Open Web.config file.
  3. Replace value of “enableCertificate_Service” key to “Y”.
Figure 240. Figure 264- Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
A picture containing diagram Description automatically generated
  1. Go to Path <BigFix Runbook AI Installer path>\Listener…\Listener
  2. Open HCL.iAutomate.Listener.Service.Host.exe config file.
  3. Replace value of “enableCertificate_Service” key to “Y”.
Figure 241. Figure 265 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
A picture containing diagram Description automatically generated
  1. Go to Path <BigFix Runbook AI Installer path>\DataCollection…\DataCollection folder location
  2. Open HCL.iAutomate.DataCollector.Service.Host.exe config file.
  3. Replace value of “enableCertificate_Service” key to “Y”.
Figure 242. Figure 266 - Configuration Changes – Access BigFix Runbook AI with Certificate (Type – PFX) (cont.)
A picture containing diagram Description automatically generated
  1. Follow the last 3 mentioned steps to make the configurational changes required for AD Sync, Email Service, Generic Service, RBA service and Release Service

Configuration Changes - Access BigFix Runbook AI without Certificate (Type – PEM)

This section describes the steps for making the required configurational changes to enable access to BigFix Runbook AI when PEM certificate is not available.

To make the configuration changes, please follow the below steps:

AI Services:

  1. Go to Path <BigFix Runbook AI Installer path>\Listener…\Listener
  1. Open HCL.iAutomate.Listener.Service.Host.exe config file.
  2. Replace value of “enablePEMCertificate” key with “N”.
Figure 243. Figure 267 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\16.BaseUI-Pem.JPG
  1. Go to Path <BigFix Runbook AI Installer path>\BaseUI…\BaseUI
  2. Open Web.config file.
  3. Replace value of “enablePEMCertificate” key to “N”.
  4. Got to Path C:/Apache24/conf and open iRecommend.cfg file. Comment the following lines:
  1. SSLEngine on
  2. SSLCertificateFile "C:/Program Files/certificate/server.crt"
  3. SSLCertificateKeyFile "C:/Program Files/certificate/server.key"
  4. SSLCACertificateFile "C:/Program Files/certificate/ca.pem"
  5. SSLVerifyClient require
  6. SSLVerifyDepth 10
  7. LoadModule ssl_module modules/mod_ssl.so.
Figure 244. Figure 268 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\13.1.PemCerti.JPG
Figure 245. Figure 269 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\13.2.PemCerti.JPG
  1. To make the changes to the Endpoint URL, go to the BigFix Runbook AI website.
  2. Click Advance Configuration  Product Configuration.
Figure 246. Figure 270 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
  1. Select Component Name as ‘iRecommend’.
  2. Change the Load Balancer URL from ‘https’ to ‘http’.
  3. Click Update.
Figure 247. Figure 271 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\18.2.iAutomateConfig.jpg
  1. Repeat Steps 7 & 8 for each of the AI components mentioned below –

Entity

iKnowledge

iKnowledgeCrawler

iKnowledgeIndexer

iKnowledgeScreen

iKnowledgeSearch

iParse

iRecommend

iScript

iUnique

ratingMongo

IIS Configuration:

  1. Press Win + R and type inetmgr.
  1. Click OK to open IIS.
Figure 248. Figure 272 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
  1. Expand Sites.
Figure 249. Figure 273 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
  1. Go to Application Pools. Click on your specific application pool. Click Recycle or Stop and then click Start
Figure 250. Figure 274 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\10.2.IIS-AppPool.JPG
  1. Go to Sites. Click the site having name BaseUI. Click on Restart.
Figure 251. Figure 275 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\11.2.IIS-BaseUI.JPG
  1. Go to Sites. Click the site having name WEBAPI. Click on Restart.
Figure 252. Figure 276 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\11.3.IIS-WebApi.JPG

Restart Services

  1. Press Win+R and type services.msc.
Figure 253. Figure 277 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
  1. Click OK to open Windows Services.
Figure 254. Figure 278 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
  1. Search for Services.
  2. Restart Apache24 service.
  3. Restart all HCL.iAutomate services.
Figure 255. Figure 279 - Configuration Changes – Access BigFix Runbook AI without Certificate (Type – PEM)
C:\Users\vashistg\Desktop\iAutomate Documents\No Certificate Documentation\12.Services.JPG

Configuration Changes - Run BASEUI and WEBAPI on Same Port

This section describes the steps for making the required configurational changes to enable BASEUI and WEBAPI on Same Port.

  1. Press Win+R and type intemgr.
Figure 256. Figure 280 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
Graphical user interface Description automatically generated
  1. IIS will be opened. Expand the server’s name and then the sites.
Figure 257. Figure 281 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
  1. Right click on HCLiAutomateBaseUI and click on add application.
Figure 258. Figure 282 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
  1. On the popup opened, enter Alias as ‘WebAPI’, Application pool as ‘iAutomateAppPool’ and enter the path till WebAPI folder in Physical Path. Click Ok.
Figure 259. Figure 283 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
  1. The WebAPI application will now appear under HCLiAutomateBaseUI.
Figure 260. Figure 284 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
  1. To test whether API and BaseUI is working on same port, if BaseUI is accessible as https://localhost:443 then type below URL and see if WebAPI is also accessible with below URL:
  1. WebAPI URL: <BaseUI URL>/<Alias Name of Folder>/iAutomateAPI/Request/Getheartbeat
  2. Eg: https://localhost:443/WebAPI/iAutomateAPI/Request/Getheartbeat
  1. Go to web.config file of BaseUI. For that, go to IIS, expand server name and sites, and right click on HCLiAutomateBaseUI and click on explore. Search the web.config file in the opened folder and open the file.
  2. In the web.config file, search for ‘sessionState mode= “SQLServer”’. Comment this line and uncomment the line with sessionState mode= “InProc” like given below:
Figure 261. Figure 285 - Configuration Changes - Run BASEUI and WEBAPI on Same Port
  1. Save the web.config and restart the HCLiAutomateBaseUI in IIS. Now enter the WEBAPI URL (mentioned in Step 6) in browser. Now it should successfully give the below output:
Figure 262. Figure 286 - Configuration Changes - Run BASEUI and WEBAPI on Same Port

Configuration Changes in Apache –FOR PYTHON COMPONENTS

  1. Go to Run (Windows + R) and type services.msc and search and stop the python services.

Figure 445- Apache Upgradation

Apache2.4

HCL.iAutomate.Entitymodel

HCL.iAutomate.iCrawler

HCL.iAutomate.iknowledge

HCL.iAutomate.iKnowledgeIndexer

HCL.iAutomate.iKnowledgeScreen

HCL.iAutomate.iKnowledgeSearch

HCL.iAutomate.iRecommend

HCL.iAutomate.iParse

HCL.iAutomate.iScript

HCL.iAutomate.iUnique

HCL.iAutomate.RatingMongo

  1. Open below path in explorer: C:\Apache24\conf
  2. Navigate to the above path mentioned, need to update in .conf file of all python components as mentioned in the below screenshot

C:\Users\ganeshmoorthy.h\OneDrive - HCL Technologies Ltd\Desktop\ssss.PNG

Figure 446 - Apache Upgradation (cont.)

  1. Open the conf files one by one in notepad++/notepad, locate the word “Define SRVROOT "/Apache24”.
  2. If it is present you can skip this step and proceed with Step 6, if not add the following 3 lines by searching for the word “ServerRoot "c:/Apache24"
  • Replace “ServerRoot "c:/Apache24"” line in the file with below 3 lines
  • Define SRVROOT "/Apache24"
  • ServerRoot "${SRVROOT}"
  • PidFile "${SRVROOT}/httpd.pid"

By Default TLS version, 1.3 has been enabled in this apache configuration. If you want to enable any other TLS version for a particular windows build you need to follow below mentioned steps else continue with step 9

  1. Then find the line “SSLEngine on” in the same document
  2. Based on the TLS requirement, check the TLS version that needs to enabled and copy the lines mentioned below for respective TLS version and paste it after “SSLEngine on” line in conf file by removing/uncomment “#” from the beginning and save the file.
  3. If the required TLS line is already uncommented, skip and proceed with Step No 9, if it’s not present perform below steps.

Table 15 - TLS versions -Apache

  1. #To enable SSL protocol TLS1.1 uncomment the below line
  2. #SSLProtocol -all +TLSv1.1
  3. #To enable SSL protocol TLS1.2 uncomment the below line
  4. #SSLProtocol -all +TLSv1.2
  5. #To enable SSL protocol TLS1.3 uncomment the below line
  6. #SSLProtocol -all +TLSv1.3
  7. #To enable and integrate SSL protocol TLS1.2 and TLS1.3 uncomment the below line
  8. #SSLProtocol -all +TLSv1.2 +TLSv1.3
  9. #To enable SSL protocol till TLS1.2 uncomment the below line
  10. #SSLProtocol +SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
  1. For example:
  1. If need to go with TLS version 1.2: Removed “#” in the below screenshot and save the file.

  2. Figure 447 - Apache Upgradation (cont.)

  3. Changes needs to be done for all Python Components that are selected in figure 446
  1. Verify the changes done in all python components.
  2. Go to Run (Windows + R) and type services.msc and start the python services, which are in stop state.

Figure 448 - Screenshot of the Apache Python services