Certificate requirements for Pega Robotic Automation Deployment Portal
To use Pega® Robotic Automation Deployment Portal in Robotic Automation or Workforce Intelligence implementations, you must provide the public key certificate or the Active Directory Federation Service (AD FS) token-signing certificate.
You can purchase the certificate from any of the established Secure Sockets Layer (SSL) certificate vendors. Be sure to purchase the certificate and provide it to Pega Support at least two weeks before the scheduled installation date.
Each certificate must be an X.509 v3 certificate with an RSA or DSA key, issued by an established public Certificate Authority.
Cryptography Next Generation (CNG) certificates are not supported.
Make sure that the common name uses the Fully Qualified Domain Name (FQDN) of the Internet Information Services (IIS) Server or the AD FS server to which the self-signed certificate will be issued.
Review the following certificate requirements:
- Third-party certificates — Pega recommends that you use third-party token certificates because they provide additional security through revocation checks. These revocation checks are performed to prevent man-in-the-middle attacks between the Deployment Portal and the client machine. If the third-party signing certificate contains a root and an intermediate certificate, provide those certificates along with the token certificate.
- Self-signed certificates — If you choose to use a self-signed certificate, it should use the SHA-256 signature hash algorithm and RSA encryption. The RSA key should be at least 2048 bits. The certificate must contain all basic identifiers so that the Robotic Automation Deployment Portal server can detect that the certificate is self-signed.
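Before sending a certificate to Pega Support, you can check the public certificate file against the requirements above. The following PowerShell script is an added example, not Pega tooling; the `-Path` and `-ExpectedFqdn` parameter names are assumptions, and the script does not inspect the private key provider, so it cannot detect a CNG key.

```powershell
param(
    [Parameter(Mandatory = $true)] [string] $Path,         # certificate file (.cer/.crt), assumed name
    [Parameter(Mandatory = $true)] [string] $ExpectedFqdn  # FQDN of the IIS or AD FS server, assumed name
)

$file = (Resolve-Path -LiteralPath $Path).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# Compare OIDs rather than friendly names, which vary with the OS locale.
$oidRsa       = '1.2.840.113549.1.1.1'
$oidDsa       = '1.2.840.10040.4.1'
$oidSha256Rsa = '1.2.840.113549.1.1.11'

$keyOid = $cert.PublicKey.Oid.Value
$cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
# Subject equal to issuer is a self-issued heuristic; it does not verify the signature.
$selfSigned = $cert.Subject -eq $cert.Issuer

$checks = @(
    [pscustomobject]@{ Requirement = 'X.509 v3'; Passed = ($cert.Version -eq 3); Detail = "v$($cert.Version)" }
    [pscustomobject]@{ Requirement = 'RSA or DSA key'; Passed = ($keyOid -in $oidRsa, $oidDsa); Detail = $keyOid }
    [pscustomobject]@{ Requirement = 'CN is the server FQDN'; Passed = ($cn -eq $ExpectedFqdn); Detail = $cn }
)

if ($selfSigned) {
    # Self-signed: SHA-256 signature with RSA, key of at least 2048 bits.
    $sigOid = $cert.SignatureAlgorithm.Value
    $bits = if ($keyOid -eq $oidRsa) { $cert.PublicKey.Key.KeySize } else { 0 }
    $checks += [pscustomobject]@{ Requirement = 'SHA-256 with RSA signature'
        Passed = ($sigOid -eq $oidSha256Rsa); Detail = $sigOid }
    $checks += [pscustomobject]@{ Requirement = 'RSA key >= 2048 bits'
        Passed = ($bits -ge 2048); Detail = "$bits bits" }
} else {
    # Third-party: the chain must build to a trusted root with online revocation checking.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $ok = $chain.Build($cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $checks += [pscustomobject]@{ Requirement = 'Chain and revocation check'
        Passed = $ok; Detail = $(if ($ok) { 'trusted' } else { $status }) }
}

$checks | Format-Table -AutoSize
if ($checks.Passed -contains $false) { exit 1 }
```

For a third-party certificate, the chain check needs the root and intermediate certificates in the local certificate stores and network access to the CA's revocation endpoints.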
Published November 10, 2017 — Updated April 25, 2019