SSL connection by using the default certificates

The SSL connection between product components is enabled by using the default certificates.

Before you begin

Communication between components in the HCL Workload Automation environment can be enabled by using default certificates.

You can also create custom certificates starting from your .pem files, as described in Connection security overview.

About this task

To install with default certificates, run the serverinst command specifying the sslpassword parameter. With this parameter, you provide the password to be used for the certificates. HCL Workload Automation generates the certificates and stores them on the master domain manager in the installation_directory/defaultCerts and TWA_DATA_DIR/ssl/depot directories. You can then use the TWA_DATA_DIR/ssl/depot to retrieve the default certificates for the other product components.

After you have chosen default or custom certificates when installing the master domain manager, the other components in the environment must comply to the same security model.

For all components in the HCL Workload Automation environment you need to copy the certificates from the master domain manager to the workstations where you plan to install the components, with the exception of dynamic agents and fault-tolerant agents. Both dynamic agents and fault-tolerant agents can log in to the master domain manager and download the certificates if you provide the wauser and wapassword parameters when installing.

If you want to use default certificates, perform the following steps:

Procedure

  1. Install the master domain manager specifying the sslpassword parameter when you run the serverinst script. This parameter indicates the password to be used for the default certificates, which are generated automatically and stored in the /depot directory on the master domain manager.
  2. Copy the certificates from the /depot directory on the master domain manager to the workstation where you plan to install the server component or the Dynamic Workload Console.
  3. Install server component or the Dynamic Workload Console specifying the sslkeysfolder and sslpassword parameters when you run the installation script. These parameters specify the path to the certificates you have copied locally from the master domain manager and the related password.
  4. Install dynamic agents and fault-tolerant agents specifying the wauser and wapassword parameters when you run the twsinst script. These parameters specify the credentials for accessing the master domain manager. The agent uses these credentials for downloading the certificates from the /depot directory on the master domain manager. If you need to download the certificates at a later time, specify the wauser and wapassword parameters when you run the AgentCertificateDownloader script.

Results

You have now set up communication in your environment using default certificates. For more information about all the installation commands, see Reference.