TLS Configuration - Post Installation

TLS is an encryption protocol designed to ensure privacy and keep data secure while it is transferred over a network. The following steps are required to ensure that the PD server uses the TLS protocol, as older versions did not support TLS configuration.

For troubleshooting or any issues, follow the manual steps under: Nintex Process Discovery over HTTPS

Prerequisites

  • SSL Certificates - server certificate (*.crt format) + server key file (*.pem format) + CA bundle certificate (*.pem format).

The certificate file names should not contain additional dot characters; for example, my.cert.crt is not valid.

These service names have changed (as of version 22.7):
  • Nintex Server – Authentication Gateway

  • Nintex Server – Authentication Server

  • Kryon Server – Process Discovery Service

Configuration via ConfigureAll

To configure TLS via the configureAll command:

  1. Check that the .crt, .key, and CA bundle certificates are in the same folder.

  2. Open C:\Nintex\installer-assets\config\prod\scripts\config.prod.properties.json.

  3. Update the following parameters:

    • "NGINX_PORT": 443
    • "KEYCLOAK_HOST": "<FQDN>"
    • "KEYCLOAK_SSL": true
    • "NODEJS_CA_CERTS": "<ca bundle file name>"

      Example: "NODEJS_CA_CERTS": "ca-bundle.pem"

    • "HTTP_TYPE": "https"
    • "TLS_ENABLED": "true"
    • "CERTS_DIR": "<Path of the certificates folder>"

      Example: "CERTS_DIR": "C:\\Users\\Administrator\\Downloads\\certificateskryonaws"

    • "AEROBASE_TLS_CERT": "<certificate full path>"

      Example: "AEROBASE_TLS_CERT": "C:\\Users\\Administrator\\Downloads\\certificateskryonaws\\certificate.crt"

    • "AEROBASE_TLS_KEY": "<key full path>"

      Example: "AEROBASE_TLS_KEY": "C:\\Users\\Administrator\\Downloads\\certificateskryonaws\\Key.key"

    • "WORKING_SERVER_FQDN": "<FQDN>"

  4. Save the file.

  5. Open CMD and run the commands:

    CD C:\Nintex\installer-assets\config\prod\scripts
    powershell.exe -Command "C:\Nintex\installer-assets\config\prod\scripts\configureAll.ps1 -h 'C:\Nintex' -configDir 'C:\Nintex\config' -n prod -servicesDir 'C:\Nintex\PDServer\MicroServices' -utilsDir 'C:\Nintex\PDServer\Support'"

  6. In the browser address bar, use https:// protocol to access Process Discovery components:

    1. PD Console: https://${FQDN}/console

      Log in with the following username and password:

      Username: Pdconsole

      Default temporary password: Pd123456! (if you changed the password in step 4, use the newly created password)

    2. Seq logging server: https://${FQDN}/seq

    3. Aerobase management: https://${FQDN}/auth/admin/nintex/console/#/realms/nintex

      Log in with the following username and password:

      Username: authadmin

      Default temporary password: Nintex123! (You may be asked to change the password. If you do, be sure to write it down)
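
Before running configureAll in step 5, the edited settings can be checked for the mistakes this procedure is prone to: a mistyped key, a leftover placeholder, certificate files outside CERTS_DIR, or an expired server certificate. The PowerShell function below is an added example, not part of the Nintex installer; Test-PdTlsConfig is a hypothetical name, and it assumes the file-name rule means no dot other than the one before the extension.

```powershell
# Added example, not Nintex code: pre-flight check of the step 3 settings.
function Test-PdTlsConfig {
    param([Parameter(Mandatory)] [string] $ConfigPath)
    $cfg = Get-Content -LiteralPath $ConfigPath -Raw | ConvertFrom-Json
    $problems = [System.Collections.Generic.List[string]]::new()

    # A key typed with stray whitespace, such as "CERTS_DIR ", is a different key.
    foreach ($name in $cfg.PSObject.Properties.Name) {
        if ($name -ne $name.Trim()) { $problems.Add("Key '$name' has stray whitespace") }
    }

    # Fixed values from step 3, compared as case-insensitive strings.
    $expected = [ordered]@{ NGINX_PORT = 443; KEYCLOAK_SSL = $true; HTTP_TYPE = 'https'; TLS_ENABLED = 'true' }
    foreach ($key in $expected.Keys) {
        if ("$($cfg.$key)" -ne "$($expected[$key])") {
            $problems.Add("$key is '$($cfg.$key)', expected '$($expected[$key])'")
        }
    }

    # Host settings must hold a real FQDN, not an empty value or the <FQDN> placeholder.
    foreach ($key in 'KEYCLOAK_HOST', 'WORKING_SERVER_FQDN') {
        if ([string]::IsNullOrWhiteSpace($cfg.$key) -or $cfg.$key -match '[<>]') { $problems.Add("$key is not set") }
    }

    # Step 1: certificate, key and CA bundle must exist and sit in CERTS_DIR.
    $dir = "$($cfg.CERTS_DIR)".TrimEnd('\')
    $files = @($cfg.AEROBASE_TLS_CERT, $cfg.AEROBASE_TLS_KEY, "$dir\$($cfg.NODEJS_CA_CERTS)")
    foreach ($file in $files) {
        if ([string]::IsNullOrWhiteSpace($file) -or -not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems.Add("File not found: '$file'"); continue
        }
        if ((Split-Path -Parent $file).TrimEnd('\') -ne $dir) { $problems.Add("'$file' is not in CERTS_DIR") }
        # Assumption: the naming rule means no dot other than the one before the extension.
        if ([IO.Path]::GetFileNameWithoutExtension($file).Contains('.')) { $problems.Add("Extra dot in name: '$file'") }
        if ($file -ne $cfg.AEROBASE_TLS_CERT) { continue }
        # Server certificate only: it must parse and be inside its validity window.
        try { $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file) }
        catch { $problems.Add("Cannot parse certificate '$file'"); continue }
        if ((Get-Date) -lt $cert.NotBefore -or (Get-Date) -gt $cert.NotAfter) {
            $problems.Add("Certificate is outside its validity window (NotAfter $($cert.NotAfter))")
        }
    }
    return $problems
}

# Run before step 5; no output means every check passed.
Test-PdTlsConfig -ConfigPath 'C:\Nintex\installer-assets\config\prod\scripts\config.prod.properties.json'
```

The check does not verify that the certificate's subject names cover the FQDN or that the key file matches the certificate; confirm both in the browser in step 6.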

Configuration of a Key Certificate with Password

If the key certificate has a password, you can configure the Process Discovery Server to use your certificate after the above TLS configuration.

To configure a key certificate:

  1. Create a .txt file with the password phrase and save it under: C:\Nintex\IDP\Aerobase\Configuration\ssl\<fileName>.txt.

  2. Go to C:\Nintex\IDP\Aerobase\Data\nginx\conf and find these files:

    • aerobase-http.conf

    • aerobase-subdomains.conf

  3. In these files, next to the ssl_certificate parameters that were generated automatically during the TLS configuration above, add the ssl_password_file parameter:

    ssl_certificate C:/Nintex/IDP/Aerobase/Configuration/ssl/certificate.crt;

    ssl_password_file C:/Nintex/IDP/Aerobase/Configuration/ssl/password.txt;

    ssl_certificate_key C:/Nintex/IDP/Aerobase/Configuration/ssl/Key.key;