Generate a user certificate for client authentication and code signing on your Windows machine using the KeyStore Explorer application. This reference procedure is one of many methods to generate a user certificate.

Before you begin

Do this task on your Windows machine.

If user certificates are generated by your organization, then you can skip this procedure. You can proceed with installing the user certificate.

Role required: admin

About this task

Important: The following procedure is for reference only. The steps may vary, depending on how certificates used within your organization are generated. Consult your IT administrator for more details.

You can install the KeyStore Explorer application on your Windows machine and then use it to generate a client authentication certificate and a code signing certificate. Skip this task if you already have these certificates.

Generate a client authentication certificate for authentication purposes in the Unattended Robot application.

Generate a code signing certificate for publishing an automation project from RPA Desktop Design Studio.

Procedure

  1. Navigate to https://keystore-explorer.org/downloads.html.
  2. Download the latest setup.exe file for the Windows machine.
  3. To install the KeyStore Explorer, do the following actions:
    1. Open the downloaded setup.exe file.
    2. In the Select Setup Language dialog box, select a language to use during the installation and select OK.
    3. In the Welcome to the KeyStore Explorer Setup Wizard dialog box, select Next.
    4. In the Select Destination Location dialog box, select a folder to install the KeyStore Explorer and select Next.
    5. In the Select Start Menu Folder dialog box, to create shortcuts of the program in the default folder, select Next.
    6. In the Select Additional Tasks dialog box, select the additional tasks that you would like the setup to perform while installing the KeyStore Explorer and then select Next.
    7. In the Ready to Install dialog box, select Install.
    8. After the installation is complete, select Finish to exit.
  4. From your desktop, double-click the KeyStore Explorer icon and select Create a new KeyStore.
  5. In the New KeyStore Type dialog box, select JKS as a type of the new KeyStore and select OK.
    The new KeyStore appears as an additional Untitled tab.
  6. On the Untitled tab, right-click the screen and select Generate Key Pair.
  7. In the Generate Key Pair dialog box, select OK.
  8. In the Generate Key Pair Certificate dialog box, enter a name for the certificate.
  9. Generate a user certificate.
    Certificate type: mTLS authentication for client certificate
    Steps:
    1. In the Generate Key Pair Certificate dialog box, select Add Extensions.
    2. Select the icon.
    3. In the Add Extension Type dialog box, select Extended Key Usage (EKU).
    4. In the Extended Key Usage Extension (EKU) dialog box, select Edit.
    5. In the Custom Extended Key Usage dialog box, select the icon.
    6. In the Add Custom Extended Key Usage dialog box, in the Object Identifier field, enter 1.3.6.1.5.5.7.3.2 clientAuth.
      [Figure: Add Custom Extended Key Usage dialog box with Client Auth value selected.]
    7. Select OK.

    Certificate type: Code signing certificate
    Steps:
    1. In the Generate Key Pair Certificate dialog box, select Add Extensions.
    2. In the Add Certificate Extensions dialog box, select Use Standard Template.
    3. In the Select a Standard Certificate dialog box, select Code Signing.
    4. Select OK.
    5. In the Add Certificate Extensions dialog box, select OK.
  10. In the Generate Key Pair Certificate dialog box, select the book icon next to the Name field, and then do the following actions:
    1. In the Name dialog box, fill in the details of your organization.
    2. Select OK.
  11. In the Generate Key Pair Certificate dialog box, select OK.
  12. In the New Key Pair Entry Alias dialog box, enter an alias name in the Enter Alias field and select OK.
  13. In the New Key Pair Entry Password dialog box, do the following actions to generate a key pair:
    1. In the Enter New Password: field, enter a new password for the key pair.
    2. In the Confirm New Password: field, confirm the new password.
    3. Select OK.
    4. After the key pair is generated, select OK.
  14. On the Untitled tab, right-click this key, select View Details, and then select Certificate Chain Details.
  15. In the Certificate Details for Entry dialog box, select the PEM button.
  16. In the Certificate PEM dialog box, select Export.
  17. Select a location to save this file as a .pem file and select Save.
    Upload this file to the instance to create a Certificate Authority (CA) chain record and user record.
  18. After the PEM is exported successfully, select OK and close all the tabs.
  19. On the Untitled tab, do the following actions to generate a .p12 file:
    1. Right-click the key entry, select Export, and then select Export Key Pair.
    2. In the Export Key Pair from KeyStore Entry dialog box, enter a password in the Password for Output File: field.
    3. In the Confirm Password field, confirm the password.
    4. Select Export.
      The file is saved as a .p12 file and is used in Unattended Robot for authentication.
    5. After the key pair is exported successfully, in the Export Key Pair dialog box, select OK.
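
To confirm that a generated certificate carries the intended Extended Key Usage before you register or install it, you can run a check like the following in PowerShell. This is an added example, not part of the original procedure or of KeyStore Explorer; the function name, the in-memory sample certificate, and the file path in the final comment are assumptions.

```powershell
# Added example; function and variable names are hypothetical.
$EkuOids = @{
    ClientAuth  = '1.3.6.1.5.5.7.3.2'  # OID entered in the mTLS steps of this procedure
    CodeSigning = '1.3.6.1.5.5.7.3.3'  # standard id-kp-codeSigning OID (assumed to match the Code Signing template)
}

function Test-CertificateEku {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][ValidateSet('ClientAuth', 'CodeSigning')]
        [string]$Purpose
    )
    # Locate the Extended Key Usage extension, if the certificate has one.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $found = @()
    if ($eku) { $found = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        NotAfter   = $Certificate.NotAfter
        Ekus       = $found
        # A certificate with no EKU extension is reported as lacking the purpose.
        HasPurpose = $found -contains $EkuOids[$Purpose]
    }
}

# Constructed sample: an in-memory self-signed certificate with only clientAuth,
# standing in for the exported file (needs .NET Framework 4.7.2+ or PowerShell 7).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$oids = [System.Security.Cryptography.OidCollection]::new()
[void]$oids.Add([System.Security.Cryptography.Oid]::new($EkuOids.ClientAuth))
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($oids, $false))
$now = [DateTimeOffset]::UtcNow
$sample = $req.CreateSelfSigned($now, $now.AddDays(1))

Test-CertificateEku -Certificate $sample -Purpose ClientAuth
Test-CertificateEku -Certificate $sample -Purpose CodeSigning

# To check the .pem file exported in step 17, load it instead (placeholder path):
# $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\path\to\exported.pem')
```

A client authentication certificate whose HasPurpose value is False for ClientAuth was generated without the EKU steps and should be regenerated before it is registered.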

What to do next

Activate the certificate-based authentication plugin, if you have the admin role. It is a prerequisite for registering the certificates on the instance. For more information, see Activate the certificate-based authentication.

Register the user-generated client authentication certificate to make it available for authentication. For more information, see Register the CA certificate.

Map the user-generated client authentication certificate to the user. For more information, see Map the PEM certificate to user.

Install the generated client authentication and code signing certificates. For more information, see Install the user-generated certificates.