Install and configure the web server – Interact
Install and configure the Web Server as per the installation instructions in the Blue Prism Hub installation guide.
Instructional videos on how to install the prerequisite software and Blue Prism Interact are available from: https://bpdocs.blueprism.com/en-us/video/installation.htm.
Install Prerequisites
The system requires IIS Web Server and the .NET Core components to be installed. These are all installed as part of a successful installation of Blue Prism Hub. Interact can coexist alongside the Hub web services. See Prerequisites for details.
Configure SSL Certificates
During the installation process you will be asked for the SSL certificates for the websites that are being set up. Depending on your infrastructure and IT organization security requirements, this could be an internally created SSL certificate or a purchased certificate to protect the websites.
The installer can be run without the certificates being present, though for the sites to operate, the bindings in the IIS websites will need to have valid SSL certificates present.
The table below details the required Interact SSL certificates.
Website in IIS | Default URL |
---|---|
Websites with a UI for use by end-users | |
Blue Prism – Interact | https://interact.local |
Websites for use by the application only (services) | |
Blue Prism – IADA | https://iada.local |
Blue Prism – Interact Remote API | https://interactremoteapi.local |
The default URLs shown above are suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names for your installation.
Self-signed certificates
Self-signed certificates can be used but are only recommended for Proof of Concept (POC), Proof of Value (POV) and Development environments. For production environments, use certificates from your organization's approved certificate authority. It is recommended that you contact your IT Security team to check what their requirements are.
To generate a self-signed certificate:
- Run PowerShell as an administrator and use the following command, replacing [Website] and [ExpiryYears] with appropriate values:
  New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "[Website].local" -FriendlyName "MySiteCert[Website]" -NotAfter (Get-Date).AddYears([ExpiryYears])
  For example:
  New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "authentication.local" -FriendlyName "MySiteCertAuthentication" -NotAfter (Get-Date).AddYears(10)
  This example creates a self-signed certificate called MySiteCertAuthentication in the Personal Certificates store, with the Subject authentication.local, valid for 10 years from the point of creation.
- Open the Manage Computer Certificates application on your web server (type manage computer into the search bar).
- Copy and paste the certificate from Personal > Certificates to Trusted Root Certification > Certificates.
- Repeat this process for each website.
This process is not recommended for production environments.
Run the following PowerShell commands:
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "interact.local" -FriendlyName "MySiteCertInteract" -NotAfter (Get-Date).AddYears(10)
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "iada.local" -FriendlyName "MySiteCertIADA" -NotAfter (Get-Date).AddYears(10)
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "interactremoteapi.local" -FriendlyName "MySiteCertIRA" -NotAfter (Get-Date).AddYears(10)
Once created, open the Local Machine certificate manager (certlm) and copy and paste the certificates into the trusted root certificate store.
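The self-signed procedure above, scripted end to end for the three Interact host names. This is an added example, not part of the Blue Prism documentation: it replaces the manual copy and paste into the trusted root store with the standard Export-Certificate and Import-Certificate cmdlets, and the temporary .cer file location is an assumption.

```powershell
# Added example; run in an elevated PowerShell session on the web server.
# Host names and friendly names are the ones used on this page.
$sites = [ordered]@{
    'interact.local'          = 'MySiteCertInteract'
    'iada.local'              = 'MySiteCertIADA'
    'interactremoteapi.local' = 'MySiteCertIRA'
}
$expiryYears = 10

$results = foreach ($dnsName in $sites.Keys) {
    $friendlyName = $sites[$dnsName]

    # Reuse an unexpired certificate with this friendly name so that
    # re-running the script does not pile up duplicates in the store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $friendlyName -and $_.NotAfter -gt (Get-Date) } |
        Select-Object -First 1
    if (-not $cert) {
        $cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My `
            -DnsName $dnsName -FriendlyName $friendlyName `
            -NotAfter (Get-Date).AddYears($expiryYears)
    }

    # Scripted form of the copy and paste into the trusted root store: export
    # the public certificate (no private key) and import it into Root.
    $cerFile = Join-Path $env:TEMP "$dnsName.cer"   # assumption: temp location
    Export-Certificate -Cert $cert -FilePath $cerFile | Out-Null
    Import-Certificate -FilePath $cerFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    Remove-Item $cerFile

    # Report what will be available when the IIS binding is configured.
    [pscustomobject]@{
        DnsName       = $dnsName
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        TrustedRoot   = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    }
}
$results | Format-Table -AutoSize
```

Each row should show HasPrivateKey and TrustedRoot as True; a False in either column means the site binding will not present a certificate that the server itself trusts.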
Create an offline certificate request
To create an offline certificate request, for each certificate follow this procedure:
- Open the Manage Computer Certificates application on your web server (type manage computer into the search bar).
- Right-click Personal > Certificates and select All Tasks > Advanced Operations > Create Custom Request from the shortcut menu.
  The Certificate Enrollment wizard displays.
- Click Next.
- Select Proceed without enrollment policy and click Next.
- On the Custom request screen, click Next.
- On the Certificate Information screen, click the Details drop-down and click Properties.
- On the General tab in the Certificate Properties dialog, enter a friendly name and description based on the website this certificate will be applied to.
- On the Subject tab change the subject name type to Common name, enter the website URL in the Value field and click Add.
  The CN (common name) will display in the right-hand panel.
- On the Extensions tab, click Extended Key Usage, select Server Authentication and click Add.
- On the Private Key tab, click Key options, select a key size of your choice and select Make private key exportable.
- Still on the Private Key tab, click Hash Algorithm and select a suitable Hash (optional).
- Click OK.
  You are returned to the Certificate Enrollment screen.
- Click Next.
- Add a file name and path and click Finish.
After creating your certificate request, you will need to submit it to a Certificate Authority so they can process your request and issue a certificate. The certificate request is a text file. Usually, you are required to copy the text from the file and enter it into an online submission form on the Certificate Authority website. You will need to contact your Certificate Authority directly for instructions on the process for submitting your certificate request.
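The wizard settings above can also be expressed as a request file for the built-in certreq.exe tool, which makes the three requests repeatable and reviewable. This is an added example, not part of the Blue Prism documentation; the output folder, friendly names, key size and hash algorithm are assumptions to replace with your own values.

```powershell
# Added example; run in an elevated PowerShell session on the web server.
$outDir        = 'C:\Temp\csr'   # assumption: any folder you can write to
$keyLength     = 2048            # assumption: "a key size of your choice"
$hashAlgorithm = 'SHA256'        # assumption: "a suitable Hash"
$sites = [ordered]@{             # friendly names are assumptions
    'interact.local'          = 'Blue Prism - Interact'
    'iada.local'              = 'Blue Prism - IADA'
    'interactremoteapi.local' = 'Blue Prism - Interact Remote API'
}
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($dnsName in $sites.Keys) {
    # Wizard tab        -> request file key
    # General           -> FriendlyName
    # Subject           -> Subject (Common name)
    # Extensions        -> EnhancedKeyUsageExtension (Server Authentication OID)
    # Private Key       -> KeyLength, Exportable, HashAlgorithm
    # MachineKeySet keeps the key in the computer store, as the wizard does.
    $inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
FriendlyName = "{1}"
Subject = "CN={0}"
KeyLength = {2}
Exportable = TRUE
HashAlgorithm = {3}
MachineKeySet = TRUE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
'@ -f $dnsName, $sites[$dnsName], $keyLength, $hashAlgorithm

    $infPath = Join-Path $outDir "$dnsName.inf"
    $csrPath = Join-Path $outDir "$dnsName.csr"
    Set-Content -Path $infPath -Value $inf -Encoding ASCII

    # Generate the key pair and write the request text file for the CA.
    certreq.exe -new $infPath $csrPath
    if ($LASTEXITCODE -ne 0) { throw "certreq failed for $dnsName" }

    # Decode the request to check the subject, key size and EKU before submitting.
    certutil.exe -dump $csrPath
}
```

The .csr files are the text files to submit to the Certificate Authority; the private keys stay on the web server.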