leslie.threlkeld@nintex.com

Nintex for SharePoint on-premises: Install new SSL certificates for Nintex external platform

Blog Post created by leslie.threlkeld@nintex.com Employee on Sep 30, 2018

Applies to: Nintex Workflow and Nintex Forms for SharePoint 2016, 2013, and 2010

 

Note: The Nintex external platform includes the following external services: Nintex Live (connector actions), external forms (live forms), Document Generation, and External Start.

Overview

If you are running a previous version of Nintex Workflow for SharePoint, and are not yet ready to upgrade your installation to the latest product version, you can install the latest SSL certificates for the Nintex external platform using one of the following methods:

  • Method 1: Automatically install the new certificates by running a script on the Central Administration server.
  • Method 2: Manually download the certificates from the Digicert website, then upload and install each certificate in Central Administration.

This article describes both methods.

 

Prerequisites

  • Ensure that you have a version of Nintex Workflow or Nintex Forms for SharePoint installed older than:
    Nintex for SharePoint 2016, version 4.3.3.0
    Nintex Workflow for SharePoint 2013, version 3.3.1.0
    Nintex Forms for SharePoint 2013, version 2.11.4.0

Nintex Workflow for SharePoint 2010, version 2.5.7.0

Nintex Forms for SharePoint 2010, version 1.12.2.30
To find your product version, see https://community.nintex.com/docs/DOC-1394

  • If you have any of the following external services, verify that they are enabled.
    • Nintex Live (connector actions)
    • External forms (live forms)
    • Document Generation
    • External Start

 

 

Important! If you choose to manually install these certificates, you are also required to run the upgrade script for reliability updates provided with the latest version of the installer. To run the upgrade script, see the Nintex Connector Workflow Queue Service upgrade process.

 

Automatically install the new SSL certificates by running a script

  1. From the Central Administration server, click the following link to download the script.
    http://nintexdownload.com/sl/supportfiles/InstallTrustedCertificate_Signed.zip 
  2. Locate the InstallTrustedCertificate script and SampleUsage document as shown.
  3. Open a PowerShell command prompt as the administrator and follow these steps: 
    1. To install the DigiCertSHA2SecureServerCA.crt trusted certificate, run:
      .\InstallTrustedCertificate.ps1 -certFileName "DigiCertSHA2SecureServerCA.crt"
    2. To install the DigiCertGlobalRootCA.crt trusted certificate, run:
      .\InstallTrustedCertificate.ps1 -certFileName "DigiCertGlobalRootCA.crt"
  4. In Central Administration, navigate to Security, General Security, Manage Trust and view the following certificates: 
    DigiCertGlobalRootCA
    DigiCertSHA2SecureServerCA
  5. Test the live connection as follows.
    • 2013 and 2010: In Central Administration, navigate to Nintex Live ManagementHealth Checks.

    • 2016: In Central Administration, navigate to Nintex AdministrationSupport and TroubleshootingHealth Checks.


Download the SSL certificates from Digicert, then upload and install each certificate in Central Administration

  1. Go to https://www.digicert.com/digicert-root-certificates.htm.
  2. Download the following certificates to a local directory on the Central Administration server:
    • Under Root Certificates, download DigiCert Global Root CA.
    • Under Intermediate Certificates, download DigiCert SHA2 Secure Server CA.
  3. In Central Administration, navigate to Security, General Security, Manage Trust.
  4. Establish a trust relationship. Upload each certificate by clicking New and filling in the required details as shown. When complete, click OK. The new certificates are installed.

  5. Test the live connection as follows:
    • 2013 and 2010: In Central Administration, navigate to Nintex Live Management, Health Checks.
    • 2016: In Central Administration, navigate to Nintex Administration, Support and Troubleshooting, Health Checks.
  6. Run the upgrade script to get the reliability updates provided with the latest version of the installer. To run the script, see the Nintex Connector Workflow Queue Service upgrade process.

Outcomes