SSL connection by using the default certificates

The SSL connection between the console and other product components is enabled by using the default certificates.

Before you begin

Dynamic Workload Console and master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent is enabled by using the default certificates.

You can also create certificates starting from your .PEM files, as described in Connection security overview

About this task

You have the following environment:
Dynamic Workload Console installed on the DWC-WKS workstation:
  • The Dynamic Workload Console is installed in the <DWC_INST_DIR> directory.
Master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager, or agent installed on the TWS-WKS workstation:
  • The agent is installed in the <TWS_INST_DIR> directory.

By default the SSL connection between the Dynamic Workload Console and the component is enabled by using the default certificates. The default password associated with each of the default keystores is default. The SSL connection has the following default certificates:

The master domain manager uses two keystores in .jks format: a private key keystore and a trusted key keystore:
On Windows systems
Private keys keystore
<TWA_home>\usr\servers\engineServer\resources\security\TWSServerKeyFile.jks
Trusted keys keystore
<TWA_home>\usr\servers\engineServer\resources\security\TWSServerTrustFile.jks
On UNIX systems
Private keys keystore
<TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerKeyFile.jks
Trusted keys keystore
<TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerTrustFile.jks
The dynamic agent uses two keystores, one in CMS format (.kdb) and a copy of this one in .jks format. Both keystores contain both the private certificate and the trusted keys:
On Windows systems
.kdb keystore
<TWA_home>\TWS\ITA\cpa\ita\cert\TWSClientKeyStore.kdb
.jks keystore
<TWA_home>\TWS\ITA\cpa\ita\cert\TWSClientKeyStoreJKS.jks
On UNIX systems
.kdb keystore
<TWA_DATA_DIR>/ITA/cpa/ita/cert/TWSClientKeyStore.kdb
.jks keystore
<TWA_DATA_DIR>/ITA/cpa/ita/cert/TWSClientKeyStoreJKS.jks
Note: The default certificates are not used for the Dynamic Workload Console client authentication. Authentication on the Client is managed by a user ID and password.