Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 9.5 Fix Pack 6.
Administration Guide
Connection security overview
Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
Customizing certificates for master domain manager and Dynamic Workload Console communication
Supported scenarios for creating custom certificates for communication between master domain manager and Dynamic Workload Console
Customizing master domain manager certificates
Procedure to use custom certificates for the master domain manager

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 9.5 Fix Pack 6.
- Fix Pack readmes
  For the latest information about a Fix Pack, see the appropriate Readme File.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority
      How to create a CA and generate the key
    - SSL connection by using the default certificates
      The SSL connection between the console and other product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
      - Overview
        Overview of the Dynamic Workload Console SSL connection
      - Customizing certificates for master domain manager and Dynamic Workload Console communication
        Supported scenarios for creating custom certificates for communication between master domain manager and Dynamic Workload Console
        Customizing master domain manager and Dynamic Workload Console certificates
        Supported scenarios for creating custom certificates for communication between master domain managerand Dynamic Workload Console
        Customizing master domain manager certificates
        Procedure to use custom certificates for the master domain manager
        Customizing Dynamic Workload Console certificates
        Procedure to use custom certificates for the Dynamic Workload Console
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
    - SSL command reference
      List of commands for managing certificates
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- Integrating
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Customizing master domain manager certificates

Procedure to use custom certificates for the master domain manager

About this task

To customize the master domain manager certificates, perform the following steps:

Procedure

On the master domain manager, generate a self-signed certificate or issue a certificate sign request to a CA and import the certificate into TWSServerKeyFile.jks. For example, you can generate the private key to be used for signing the custom certificate by issuing the following command:
```
openssl genrsa -des3 -out tls.key 2048
```

Create the certificate sign request:

openssl req -new -key tls.key -out tls.csr -config 
/usr/Tivoli/TWS/OpenSSL64/1.0.0/bin/openssl.cnf

After receiving back the signed certificate, you can import the custom certificate along with its private key into TWSServerKeyFile.jks, as follows:

Create a single file containing both:
```
cat tls.key tls.crt > tls.tot
```

Export the resulting file to a PKCS12 keystore:

openssl pkcs12 -export -out TWSServerKeyFile.p12 -in tls.tot -name server

Import the PKCS12 keystore into TWSServerKeyFile.jks:

keytool -importkeystore -srckeystore TWSServerKeyFile.p12 -srcstoretype pkcs12 
-destkeystore TWSServerKeyFile.jks -deststoretype jks -srcstorepass password 
-deststorepass password -srcalias server -destalias server

On the master domain manager, import the CA certificate in the path <TWSDATA>/ssl/TWSClientKeyStoreJKS.jks :
```
keytool -importcert -file ca.crt -keystore TWSClientKeyStoreJKS.jks 
-alias ca -trustcacerts
```
On the Dynamic Workload Console, import the CA certificate into the TWSServerTrustFile.jks:
```
keytool -importcert -file ca.crt -keystore TWSServerTrustFile.jks -alias ca
-trustcacerts
```

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.