Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.1.
Planning and Installation
Upgrading
How to upgrade HCL Workload Automation to the current version.
Enabling API Key authentication after upgrading
Enabling API Key authentication after upgrading from v 10.x.x or v 9.5.x to 10.2.x.

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.1.
- Planning and Installation
  - Planning
  - Installing HCL Workload Automation
    Available installation methods
  - Configuring
    Configuring HCL Workload Automation components after installation.
  - Upgrading
    How to upgrade HCL Workload Automation to the current version.
    - Downloading installation images on your workstation
      Steps to take when downloading images on your workstation.
    - Upgrading from the CLI
      Upgrade HCL Workload Automation from the command-line interface.
    - Updating containers
      Updating the container configuration parameters.
    - Enabling product encryption after upgrading
      Enabling product encryption after upgrading from a version earlier than 10.2.
    - Enabling API Key authentication after upgrading
      Enabling API Key authentication after upgrading from v 10.x.x or v 9.5.x to 10.2.x.
    - Returning to version 9.5
      Procedure to return the product to version 9.5
    - FAQ - Upgrade procedures
      A list of questions and answers related to upgrade procedures:
  - Moving from on-premises to cloud
    A quick procedure to move your workload from an on-premises to a cloud environment
  - Troubleshooting installation, migration, and uninstallation
    An overview on troubleshooting installation, migration, and uninstallation of the HCL Workload Automation.
  - Uninstalling
    An overview on how to uninstall the product.
  - Reference
- User's Guide and Reference
- Administration Guide
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Enabling API Key authentication after upgrading

Enabling API Key authentication after upgrading from v 10.x.x or v 9.5.x to 10.2.x.

About this task

In previous versions of the product, both in fresh and upgrade installation, it was not necessary to add the server public certificate to its truststore. With the new API Key feature, which is implemented in version 10.1 Fix Pack 1 and later, the generated JWT is signed with the server private key. When the JWT is received by the server to authenticate a user, the public key associated with the private key used for signing is not present in the truststore and cannot be used. As a result, the authentication of that user is blocked.

To solve the problem, in fresh installations the server public key is automatically added to its trustore.

When you are upgrading from v 10.x.x or v 9.5.x to 10.2.x, run the following commands on the master domain manager:

keytool -exportcert -keystore $WA_DATADIR/usr/servers/engineServer/resources/security/TWSServerKeyFile.p12 
-storepass password -storetype p12 -file /tmp/tls.crt -alias server -noprompt

keytool -importcert -keystore $WA_DATADIR/usr/servers/engineServer/resources/security/TWSServerTrustFile.p12 
-storepass password -storetype p12 -file /tmp/tls.crt -alias mpjwtkey -noprompt

Edit the value of the mp.jwt.trust.key variable from the twstrustkey to mpjwtkey in the jwt_variables.xml file located inside the WebSphere Application Server Liberty Base overrides folder. For more information about templates, see Configuring HCL Workload Automation using templates.

If you do not remember what the public certificate alias is called, run the following command to retrieve the list of certificates within the keystore:

keytool -list -keystore $WA_DATADIR/usr/servers/engineServer/resources/security/TWSServerKeyFile.p12 
-storepass password -storetype p12