How to update expire Aras certifies

How can I update expired Aras certificates

  • E:\Aras\OAuthServer\App_Data\Certificates

    the certificate under this directory are expired how can i update this?

  • OMG, thanks for this hint! Haven´t noticed yet that the certificates can expire. 

    Unfortunately I don´t know how to create new certificates. I know that installing Innovator creates a new set of certificates. In worst case reinstall Innovator and relink your database.

    But I assume that there must be a better solution. Maybe we can create our own with openssl or similar??

    Can you describe the effects of the invalid certificates? I assume not all features of Innovator will work anymore? (ConversionServer? Vault?)

    I have moved my own instances from Windows Server 2012 to 2022 a few weeks ago, so I am right now not affected. But I would be interested in a solution too! I wonder why we haven´t heard anything from Aras regarding this issue. I guess many Innovator 12 installation are more or less 2 years old and can face this trap soon.


  • Hi Haider and Hkhan,

    were you able to find a solution for this one?

    I need to find a solution...till 2024. So there is no real hurry. But I think this topic will become relevant for many users who don´t update on a regular basis. So it´s better to be prepared.

    I haven´t done any tests regarding custom certificates yet. And so far I haven´t seen any document related to certificates in . Not sure if Aras is aware of the issue. 

    IMPORTANT: For anyone who came across this post by accident: If you use the same Innovator 12+ instance for around 2 years, check the validity of your certificates. You might be affected by the topic of this post too. 

    Hope this posts gets more attention.

    Thanks again for bringing up the topic!


  • Hello Angelalp,

    I contacted Aras for help and the following is the solution they provided 

    To generate new certificates:

    1. Download from the FTP site i have added to this page 
    2. Open a command prompt window as Administrator
    3. Navigate to the folder containing CreateOAuthCertificates.bat
    4. Execute the following command to generate certificates:


                CreateOAuthCertificates.bat <ServerName> <Password>



    ServerName – the name of the server for which a certificate should be generated (OAuthServer, InnovatorServer, VaultServer, AgentService, SelfServiceReporting).

    Password – the password for the private certificate.


    Note: Each run of the batch file generates a pair of certificates in the {Current_Directory}\Output\ directory, for example: OAuthServer.cer (public certificate) and OAuthServer.pfx (private certificate protected by the password). You will need to run this for each part of the application components.


    Once the Certificates have been created copy them the corresponding directories.


    Deploying the OAuthServer Certificates:

    • Copy OAuthServer.pfx to OAuthServer\App_Data\Certificates\
    • Copy the OAuthServer.pfx to the following folders:
      • OAuthServer\App_Data\Certificates\
      • Innovator\Server\App_Data\Certificates\
      • SelfServiceReporting\App_Data\Certificates\
      • VaultServer\App_Data\Certificates\
    • Specify the password in oauth\server\tokenSigning\certificate\@password attribute of OAuthServer\OAuth.config file.


    Deploying the Aras Innovator Server Certificates

    • Copy InnovatorServer.pfx to Innovator\Server\App_Data\Certificates\.
    • Copy InnovatorServer.cer to OAuthServer\App_Data\Certificates\.
    • Specify password in oauth\client\secret\certificate\@password attribute of Innovator\Server\OAuth.config file.


    Deploying the Vault Server Certificates:

    • Copy VaultServer.pfx to VaultServer\App_Data\Certificates\.
    • Copy VaultServer.cer to OAuthServer\App_Data\Certificates\.
    • Specify password in oauth\client\secret\certificate\@password attribute of VaultServer\OAuth.config file.


    Deploying the Agent Service Certificates

    • Copy AgentService.pfx to AgentService\App_Data\Certificates\.
    • Copy AgentService.cer to OAuthServer\App_Data\Certificates\.
    • Specify password in oauth\client\secret\certificate\@password attribute of AgentService\OAuth.config file.


    Deploying the Self Service Reporting Certificates:

    • Copy SelfServiceReporting.pfx to SelfServiceReporting\App_Data\Certificates\.
    • Copy SelfServiceReporting.cer to OAuthServer\App_Data\Certificates\.

    Specify password in oauth\client\secret\certificate\@password attribute of SelfServiceReporting\OAuth.config file.GenerateOAuthCertificates (1).zip

  • Hi Hkhan,

    many thanks for sharing this information! I made a quick test and the resulting certs lock fine.

    I am a little bit proud that my earlier openssl idea wasn´t so wrong at all. It´s exactly the same concept that Aras uses.Smile

    Best wishes!