SSL/TLS Requirements

If you want to install the Nintex RPA Platform using SSL/TLS, you have two options:

Option 1: Let the RPA installer generate the CA and certificate for you on the fly.

Option 2: Provide the organization's certificate. The certificate must meet the following requirements:

File format	PKCS #12 is PFX format (bundles a private key with its X.509 certificate) If PFX file is secured with a password, the customer must know it. Certificate must be capable of being installed locally on server machine's personal certificate repository Files must contain: The RPA server FQDN in the Subject field (for example, CN=prodserver.mycompany.com) The RPA server FQDN in the Subject Alternative Names field (for example, DNS=prodserver.mycompany.co)
Issuer	Signed by a known, valid certificate authority: public CA or private CA
Public key	RSA 2048+
Signature hash	SHA256
Enhanced key usage	Server Authentication or Multipurpose
Certificate expiration date	It is the customer’s responsibility to make sure certificates are kept up to date.

TLS v1.3 is supported.