Configuring SSL local options

About this task

To set the SSL local options, edit the WRKDIR/localopts file of the HCL Workload Automation for Z master: for each SSL option you want to set, remove the # sign in column 1 and change the option's value. This file is also present on the HCL Workload Automation workstations and must be customized as follows:
SSL key store
The filename of the GSK database containing keys and certificates. The default value is WRKDIR/ssl/TWS.kdb. The GSK database replaces the following information specified in the distributed localopts file:
  • SSL Certification Authority certificate
  • SSL certificate
  • SSL certificate chain
  • SSL random seed
  • SSL key
SSL key store pwd
The name of the file containing the key password. The default is WRKDIR/ssl/TWS.sth. It replaces the SSL key pwd option of the distributed localopts file.
SSL auth mode
The kind of checks that HCL Workload Automation for Z performs to verify the certificate validity. You can specify one of the following values:
  • caonly: HCL Workload Automation for Z checks the certificate validity by verifying that a recognized Certification Authority has issued the peer certificate. Information contained in the certificate is not checked. If you do not specify the SSL auth mode keyword or you define a non-permitted value, the caonly value is used.
  • string: HCL Workload Automation for Z checks the certificate validity as described in the caonly option. It also verifies that the Common Name (CN) of the Certificate Subject matches the string specified in the SSL auth string option.
  • cpu: HCL Workload Automation for Z checks the certificate validity as described in the caonly option. It also verifies that the Common Name (CN) of the Certificate Subject matches the name of the CPU that requested the service.
SSL auth string
A string (1 to 64 characters in length) used to verify the certificate validity when you specify string as the SSL auth mode value. If the SSL auth string option is required and it is not specified, tws is used as the default value.
Note: The following parameters are ignored:
  • nm port and nm ssl port because they are replaced by SSLPORT in the TOPOLOGY statement.
  • ssl encryption cipher because it is replaced by the ciphers that the workstation operating system supports during an SSL connection.
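
Example (added here, not part of the product documentation or the product's own code): a small review script that reads a localopts file and reports the SSL settings that take effect under the defaults and fallbacks described above. The "name = value" line syntax, the case-insensitive matching of option names, the sample file contents and the function names are assumptions made for this illustration.

```python
PERMITTED_MODES = {"caonly", "string", "cpu"}
IGNORED = {"nm port", "nm ssl port", "ssl encryption cipher"}

# Constructed sample. The "name = value" line syntax is an assumption.
SAMPLE_LOCALOPTS = """\
#SSL key store = WRKDIR/ssl/TWS.kdb
SSL key store pwd = WRKDIR/ssl/TWS.sth
SSL auth mode = string
#SSL auth string = prod-master
nm ssl port = 31113
"""

def parse_localopts(text):
    """Return active options (names lowercased); '#' in column 1 means unset."""
    opts = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        opts[" ".join(name.lower().split())] = value.strip()
    return opts

def effective_ssl(opts):
    """Apply the defaults described above and collect review findings."""
    findings = []
    mode = opts.get("ssl auth mode", "")
    if mode not in PERMITTED_MODES:
        findings.append(f"SSL auth mode {mode!r} unset or not permitted: caonly is used")
        mode = "caonly"
    if mode == "caonly":
        findings.append("caonly: issuing CA is verified, certificate contents are not")
    auth_string = None
    if mode == "string":
        auth_string = opts.get("ssl auth string")
        if auth_string is None:
            auth_string = "tws"
            findings.append("SSL auth string unset: default 'tws' is the expected CN")
        elif not 1 <= len(auth_string) <= 64:
            findings.append("SSL auth string must be 1 to 64 characters long")
    for name in sorted(opts.keys() & IGNORED):
        findings.append(f"{name!r} is set but ignored")
    return {"key_store": opts.get("ssl key store", "WRKDIR/ssl/TWS.kdb"),
            "key_store_pwd": opts.get("ssl key store pwd", "WRKDIR/ssl/TWS.sth"),
            "auth_mode": mode, "auth_string": auth_string, "findings": findings}

if __name__ == "__main__":
    report = effective_ssl(parse_localopts(SAMPLE_LOCALOPTS))
    print(report["auth_mode"], report["auth_string"], report["key_store"])
    print("\n".join(report["findings"]))
```

In the constructed sample the SSL auth string line is still commented out, so the report shows string mode comparing the peer CN against the default value tws, and it lists nm ssl port as set but ignored.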