Install and configure the web server – Interact

Install and configure the Web Server as per the installation instructions in the Blue Prism Hub installation guide.

Instructional videos on how to install the prerequisite software and Blue Prism Interact are available from: https://bpdocs.blueprism.com/en-us/video/installation.htm.

Install Prerequisites

The system requires IIS Web Server and the .NET Core components to be installed. These are all installed as part of a successful installation of Blue Prism Hub. Interact can coexist alongside the Hub web services. See Prerequisites for details.

Configure SSL Certificates

During the installation process you will be asked for the SSL certificates for the websites that are being set up. Depending on your infrastructure and IT organization security requirements, this could be an internally created SSL certificate or a purchased certificate to protect the websites.

The installer can be run without the certificates being present, though for the sites to operate, the bindings in the IIS websites will need to have valid SSL certificates present.

The table below details the required Interact SSL certificates.

Website in IIS

Default URL

Websites with a UI for use by end-users

Blue Prism – Interact

https://interact.local

Websites for use by the application only (services)

Blue Prism – IADA

https://iada.local

Blue Prism – Interact Remote API

https://interactremoteapi.local

The default URLs shown above are suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names for your installation. However, the first part of the default host name must not be changed; you can only change the .local part of the host name.

Self-signed certificates

Self-signed certificates can be used but are only recommended for Proof of Concept (POC), Proof of Value (POV) and Development environments. For production environments, use certificates from your organization's approved certificate authority. It is recommended that you contact your IT Security team to check what their requirements are.

To generate a self-signed certificate:

  1. Run PowerShell as an administrator and use the following command, replacing [Website] and [ExpiryYears] with appropriate values:

    Copy
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "[Website].local" -FriendlyName "MySiteCert[Website]" -NotAfter (Get-Date).AddYears([ExpiryYears])

    For example:

    Copy
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "authentication.local" -FriendlyName "MySiteCertAuthentication" -NotAfter (Get-Date).AddYears(10)

    This example creates a self-signed certificate called MySiteCertAuthentication in the Personal Certificates store, with the Subject authentication.local and is valid for 10 years from the point of creation.

  2. Open the Manage Computer Certificates application on your web server (type manage computer into the search bar).
  3. Copy and paste the certificate from Personal > Certificates to Trusted Root Certification > Certificates.

  4. Repeat this process for each website.

Create an offline certificate request

To create an offline certificate request, for each certificate follow this procedure:

  1. Open the Manage Computer Certificates application on your web server (type managed computer into the search bar).
  2. Right-click Personal > Certificates and select All Tasks > Advanced Operations > Create Custom Request from the shortcut menu.

    The Certificate Enrollment wizard displays.

  3. Click Next.

  4. Select Proceed without enrollment policy and click Next.
  5. On the Custom request screen, click Next.

  6. On the Certificate Information screen, click the Details drop-down and click Properties.

  7. On the General tab in the Certificate Properties dialog, enter a friendly name and description based on the website this certificate will be applied to.
  8. On the Subject tab change the subject name type to Common name, enter the website URL in the Value field and click Add.

    The CN (common name) will display in the right-hand panel.

  9. On the Extensions tab, click Extended Key Usage, select Server Authentication and click Add.
  10. On the Private Key tab, click Key options, select a key size of your choice and select Make private key exportable.
  11. Still on the Private Key tab, click Hash Algorithm and select a suitable Hash (optional).
  12. Click OK.

    You are returned to the Certificate Enrollment screen.

  13. Click Next.
  14. Add a file name and path and click Finish.

After creating your certificate request, you will need to submit it to a Certificate Authority so they can process your request and issue a certificate. The certificate request is a text file. Usually, you are required to copy the text from the file and enter it into an online submission form on the Certificate Authority website. You will need to contact your Certificate Authority directly for instructions on the process for submitting your certificate request.