Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
Administration Guide
Connection security overview
Scenario: SSL Communication across the fault-tolerant agent network
Using SSL for netman and conman
Configuring full SSL security
Setting up full SSL security

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority and generating certificates
      Sample steps to create a CA and generate default certificates.
    - SSL connection by using the default certificates
      The SSL connection between product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
      - Using SSL for netman and conman
        Setting up private keys and certificates
        Creating Your Own Certification Authority
        Creating private keys and certificates
        Configuring SSL attributes
        Configuring the SSL connection protocol for the network
        Configuring full SSL security
        Overview
        Setting up full SSL security
        Configuring full SSL support for internetwork dependencies
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Setting up full SSL security

About this task

To set full SSL connection security for your network, you must, in addition to all the steps described above in Connection security overview) configure the following options:

enSSLFullConnection (or sf)

Use optman on the master domain manager to set this global option to Yes to enable full SSL support for the network. For more information, see Setting global options.

nm SSL full port

If you defined the SSL port at installation time using the netmansslport parameter, no further action is required. For more information about the netmansslport parameter, see Agent installation parameters - twsinst script, Server components installation - serverinst script.

If you have not defined the SSL port at installation time, edit the localopts file on every agent of the network (including the master domain manager) to set this local option to the port number used to listen for incoming SSL connections. For more information, see Setting local options. Take note of the following:

This port number is to be defined also for the SECUREADDR parameter in the workstation definition of the agent. For more information, see Workstation definition.
Check that the securitylevel parameter in the workstation definition of each workstation using SSL is set at least to enabled. For more information, see Workstation definition.
In a full SSL security setup, the nm SSL port local option is to be set to zero. For more information, see Setting local options.
You must stop netman (conman shut;wait) and restart it (StartUp) after making the changes in localopts.