Skip to content
CA Unified Infrastructure Management - 9.0.2
Documentation powered by DocOps

Configure the robot.cfg File

Last update October 25, 2018

The UIM Server installer creates a .pem file (certificate.pem) in the <Nimsoft>\security folder. The .pem file is a symmetric key that is shared with the required robots, which is then used for communication with the data_engine probe. You copy this .pem file to the remote UMP, UR, and CABI robots and provide the location of the file in the robot.cfg file (cryptkey = <.pem file location>). Furthermore, if any impacted probe is not on the same computer where data_engine is present, copy the generated .pem file to the robot computer (where data_engine is not available) and update the robot.cfg file with the .pem file location on that computer.

To configure the robot.cfg file, follow these steps:

  1. Navigate to the <nimsoft>\robot folder.
  2. Open the robot.cfg file in a text editor.
  3. Add the following parameter to the file:
    cryptkey = <location of the .pem file>
    For example, cryptkey = c:\Certificate\certificate.pem
  4. Save your changes.
    Note: You do not need to restart the robot.

You have successfully configured the robot.cfg file.

Create a .pem File

Though the UIM Server installer automatically generates a .pem file (certificate.pem) in the <Nimsoft>\security folder, you can generate your own .pem file, if you want. You then need to copy the same .pem file to all the required places (UMP robot, UR robot, CABI robot) and configure the robot.cfg file as explained.  You can use OpenSSL to create a .pem file. 

Note: data_engine does not consider the .pem file expiry though the automatically generated .pem file has a validity of 365 days. However, as a best practice, we recommend that you keep regenerating your .pem file based on your security requirements.

Follow these steps:

  1. For Windows, you can download OpenSSL from http://gnuwin32.sourceforge.net/packages/openssl.htm. Then, create a new system environment variable OPENSSL_CONF with the value C:\Program Files (x86)\GnuWin32\share\openssl.cnf
    For Linux, use appropriate package manager to install OpenSSL.
  2. Open the command prompt and navigate to the location where the OpenSSL executable file is available.
  3. Run the following command:
    openssl req -nodes -new -x509 -days <number of days the certificate is valid for> -out <certificate_filename>.pem
    Note: Ensure that your certificate filename does not include spaces. 
  4.  Enter the following information when prompted:

    • Country Name (2 letter code) [AU]:

    • State or Province Name (full name) [Some-State]:

    • Locality Name (eg, city) []:

    • Organization Name (eg, company) [Internet Widgits Pty Ltd]:

    • Organizational Unit Name (eg, section) []:

    • Common Name (e.g. server FQDN or YOUR name) []:

    • Email Address []:

    The .pem file is generated in the same location where the OpenSSL executable is available.
  5. Copy the .pem file to the location that is accessible only to the appropriate users in your CA UIM environment.
    You provide this location while configuring the robot.cfg file.
Was this helpful?

Please log in to post comments.