Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.1.
Planning and Installation
Upgrading
How to upgrade HCL Workload Automation to the current version.
Upgrading from the CLI
Upgrade HCL Workload Automation from the command-line interface.
Parallel upgrade from version 9.4.0.x to version 9.5.0.x or 10.2.x
Detailed steps to perform a parallel upgrade from version 9.4.0.x to version 9.5.0.x or 10.2.x
Extracting default certificates
Procedure to extract and convert default certificates generated in your current version prior to upgrading.

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.1.
- Planning and Installation
  - Planning
  - Installing HCL Workload Automation
    Available installation methods
  - Configuring
    Configuring HCL Workload Automation components after installation.
  - Upgrading
    How to upgrade HCL Workload Automation to the current version.
    - Downloading installation images on your workstation
      Steps to take when downloading images on your workstation.
    - Upgrading from the CLI
      Upgrade HCL Workload Automation from the command-line interface.
      - Before upgrading
        Before starting to upgrade the product, verify that your network has the minimum required supported versions of the operating system, product, and database.
      - Performing a direct upgrade from v 9.5.0.x or 10.x.x to v 10.2.x
        Detailed steps to perform a direct upgrade from version 9.5.0.x or v 10.x.x to version 10.2.x
      - Parallel upgrade from version 9.5.0.x to version 10.2.x
      - Parallel upgrade from version 9.4.0.x to version 9.5.0.x or 10.2.x
        Detailed steps to perform a parallel upgrade from version 9.4.0.x to version 9.5.0.x or 10.2.x
        Extracting default certificates
        Procedure to extract and convert default certificates generated in your current version prior to upgrading.
        Installing WebSphere Application Server Liberty
        Installing WebSphere Application Server Liberty to the latest supported version. This is an optional step you might want to perform before you upgrade the Dynamic Workload Console and the server components.
        Encrypting passwords (optional)
        How to encrypt passwords required by the installation process
        Creating and populating the database for the Dynamic Workload Console
        By default, the installation script is configured to install and use a Derby database. Alternatively, you can also choose to use any one of the supported databases.
        Installing the Dynamic Workload Console
        Procedure for installing two Dynamic Workload Console servers on two separate nodes.
        Creating the HCL Workload Automation administrative user
        Instructions to create the HCL Workload Automation administrative user
        Upgrading the database schema for the dynamic domain manager
        Upgrade the dynamic domain manager database schema before upgrading the dynamic domain manager component.
        Installing a dynamic domain manager and its backup
        Install a new dynamic domain manager configured as a backup and link it to your current network. Then switch it to become the new dynamic domain manager.
        Upgrading the database schema for the server components
        Upgrade the master domain manager database tables before upgrading the server components.
        Installing the new master domain manager configured as a backup
        Install the new master domain manager configured as a backup and link it to your current network. Then switch it to become the new master domain manager.
        Installing a new backup master domain manager
        Upgrading your old master domain manager, which is now your current backup master domain manager to the latest product version level.
        Upgrading agents and domain managers
        There are several methods you can choose from to upgrade your domain managers and agents.
      - Upgrading agents and domain managers
        There are several methods you can choose from to upgrade your agents and domain managers.
      - Upgrading when there are corrupt registry files
      - Upgrading in a mixed-version environment when using default certificates
        Upgrading in a mixed-version environment when using default certificates
    - Updating containers
      Updating the container configuration parameters.
    - Enabling product encryption after upgrading
      Enabling product encryption after upgrading from a version earlier than 10.2.
    - Enabling API Key authentication after upgrading
      Enabling API Key authentication after upgrading from v 10.x.x or v 9.5.x to 10.2.x.
    - Returning to version 9.5
      Procedure to return the product to version 9.5
    - FAQ - Upgrade procedures
      A list of questions and answers related to upgrade procedures:
  - Moving from on-premises to cloud
    A quick procedure to move your workload from an on-premises to a cloud environment
  - Troubleshooting installation, migration, and uninstallation
    An overview on troubleshooting installation, migration, and uninstallation of the HCL Workload Automation.
  - Uninstalling
    An overview on how to uninstall the product.
  - Reference
- User's Guide and Reference
- Administration Guide
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Extracting default certificates

Procedure to extract and convert default certificates generated in your current version prior to upgrading.

About this task

If you are using default certificates, extract and convert them before you start the upgrade. Perform the following steps:

Procedure

Set the HCL Workload Automation environment.
Browse to one of the following paths:

version 9.5 and later

TWA_DATA_DIR/usr/servers/engineServer/resources/security

version 9.4 and earlier

TWA_home/WAS/TWSProfile/etc

and run the following commands to extract the master domain manager certificates:
```
keytool -importkeystore -srckeystore TWSServerKeyFile.jks 
-destkeystore server.p12 -deststoretype pkcs12
```
```
openssl pkcs12 -in server.p12 -out tls.tot
```
Open the tls.tot file with any text editor.
Copy the private key and public key into two separate files named respectively tls.key and tls.crt.
where,

tls.key

is the private key

tls.crt

is the public key
Copy the contents of the tls.crt file into a new file named ca.crt.
Create a file named tls.sth containing the passphrase you have specified for creating the .p12 certificate in step 2, encoded in base64 format. To create the tls.sth file, use the following command:
```
secure -password your_password -base64 e -out tls.sth
```
If you are using a version earlier than 10.x, you can find the secure script in the installation package of the 10.2.1 version you are upgrading to. You can launch the script from on of the following paths:
master domain manager and agent
<10.2.1_extracted_image_dir>/TWS/<interp>/Tivoli_LWA_<interp>/TWS/bin
Dynamic Workload Console
<10.2.1_extracted_image_dir>/DWC/<interp>/bin
where

<interp>

is the operating system you are installing on
Extract the client certificates from the TWA_DATA_DIR/ssl/GSKit folder by running the following command:
```
gsk8capicmd_64 -cert -extract -db path_to_TWSClientKeyStore.kdb 
-stashed -label client -target client.crt
```
Insert the client.crt in the additionalCAs folder when providing the certificates to the installation script with the sslkeysfolder parameter.