Overview of the Dynamic Workload Console SSL connection

To implement the RMI/IIOP over SSL communication between the Dynamic Workload Console and the internal communication of master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent, you use the server and client security features of WebSphere Application Server Liberty Base.

The SSL security paradigm implemented in the WebSphere Application Server Liberty Base requires two stores to be present on the clients and the server: a keystore containing the private key and a truststore containing the certificates of the trusted counterparts.

Figure 1 shows the server and client keys, and where they must be exported for the Dynamic Workload Console:
Figure 1. SSL server and client keys

Graphic showing the components and how their server and client keys are distributed.
The diagram shows the keys that the Dynamic Workload Console and the components must extract and distribute to enable SSL communication.
The Dynamic Workload Console interface uses the default certificates that are installed in the default keystores to communicate with the agent. You can configure the Dynamic Workload Console to connect in SSL mode with an agent by using your own certificates to meet your required security settings.
In addition to creating new keys, you can also customize the name, location, and password of the keystore and truststore. For details about the possibilities, see Table 1.
Table 1. Changes allowed in HCL Workload Automation keystore and truststore
File Name Path Password New key
TWS server keystore
TWS server truststore
TWS client keystore
TWS client truststore
TDWC client keystore
TDWC client truststore
When you are customizing the Dynamic Workload Console settings, make sure that the keys have the same password as the keystore where they are saved. The Dynamic Workload Console keystore password must be the same as the Dynamic Workload Console client and HCL Workload Automation server password.
Note: When you configure the Dynamic Workload Console to connect to different agents, the Dynamic Workload Console truststore must have a certificate for each component to enable SSL connection.
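The password rule and the note above can be checked with the JDK keytool. The following script is an added example, not part of the product documentation: it creates a key whose password equals its keystore password, imports each component certificate into a console truststore, and reports components that have no certificate there. The directory, file names, aliases (mdm, agent1, agent2), password and the PKCS12 store type are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: directory, file names, aliases and password are constructed
# placeholders, not product defaults. Assumes keytool (JDK) and PKCS12 stores.
export STOREPASS='constructed-Passw0rd'   # read by keytool via :env, not argv

# make_component DIR NAME: create NAME's keystore, then export its certificate.
# The key password is deliberately the same as the keystore password.
make_component() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2.example.test" -storetype PKCS12 \
        -keystore "$1/$2-keystore.p12" \
        -storepass:env STOREPASS -keypass:env STOREPASS >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias "$2" -storetype PKCS12 \
        -keystore "$1/$2-keystore.p12" \
        -storepass:env STOREPASS -file "$1/$2.pem" >/dev/null 2>&1
}

# trust_component DIR NAME: import NAME's certificate into the console truststore.
trust_component() {
    keytool -importcert -noprompt -alias "$2" -file "$1/$2.pem" \
        -storetype PKCS12 -keystore "$1/console-truststore.p12" \
        -storepass:env STOREPASS >/dev/null 2>&1
}

# missing_trust DIR NAME...: print every component that has no entry in the
# console truststore (keytool -list exits non-zero for an unknown alias).
missing_trust() {
    dir=$1; shift
    for name in "$@"; do
        keytool -list -alias "$name" -storetype PKCS12 \
            -keystore "$dir/console-truststore.p12" \
            -storepass:env STOREPASS >/dev/null 2>&1 || echo "$name"
    done
}

DEMO_DIR=$(mktemp -d)
for c in mdm agent1; do
    make_component "$DEMO_DIR" "$c" && trust_component "$DEMO_DIR" "$c"
done
# agent2 was never imported, so it is reported as missing.
echo "missing from truststore: $(missing_trust "$DEMO_DIR" mdm agent1 agent2)"
```

Passing the password with the :env modifier keeps it out of the process argument list.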