Certificates download to dynamic agents - AgentCertificateDownloader script

This script downloads and deploys certificates in .PEM format from the master domain manager to dynamic agents.

This section lists and describes the parameters that are used when running a AgentCertificateDownloader script to download and deploy certificates in .PEM format from the master domain manager to the dynamic agents in your environment.

When installing the agent with a fresh installation, you only need to provide the credentials to connect to the master domain manager using the wauser and wapassword parameters. The certificates in .PEM format are automatically downloaded and deployed to the agent without further intervention.

The script connects to master domain manager to retrieve the compressed file containing the certificates, and saves them to the working directory with name waCertificates.zip.

Before running the command, ensure the certificates in .PEM format are available on the master domain manager in one of the following paths:
On Windows operating systems
installation_directory\TWS\ssl\depot
On UNIX operating systems
TWA_DATA_DIR/ssl/depot
The required files are as follows:
tls.sth
The file storing your encoded password.
tls.rnd
The file containing the random seed to be used by OpenSSL.
ca.crt
The Certificate Authority (CA) public certificate.
tls.key
The private key for the instance to be installed.
tls.crt
The public part of the previous key.

If you use this parameter, ensure that the addjruntime parameter is set to true, because Java run time is required for defining custom certificates in .PEM format. This parameter is not supported on HCL Workload Automation Agent (also known as the agent with z-centric capabilities).

This parameter is mutually exclusive with the wauser and wapassword parameters, which are used to download and deploy the certificates already available on the master domain manager.

When running the command, you can type parameters and values from a properties file, type them in the command line, or use a combination of both properties file and command line. If a parameter is specified both in the properties file and in the command line, the command line value is used.

Syntax

Certificate installation syntax on Windows operating systems
Show command usage
cscript AgentCertificateDownloader.vbs -? | --usage | --help
Retrieve the command parameters and values from a properties file
cscript AgentCertificateDownloader.vbs --file | -f  [properties_file]
General information

    cscript AgentCertificateDownloader.vbs
    --work_dir working_dir
    [--displayname agent_name]
    --tdwbhostname host_name
    --tdwbport tdwbport_number
    --wauser wauser_name
    --wapassword wauser_password
Certificate installation syntax on UNIX operating systems
Show command usage
./AgentCertificateDownloader.sh --? | --usage | --help
Retrieve the command parameters and values from a properties file
./AgentCertificateDownloader.sh --file | --f  [properties_file]
General information

    ./AgentCertificateDownloader.sh
    --work_dir working_dir
    [--displayname agent_name]
    --tdwbhostname host_name
    --tdwbport port_number
    --wauser wauser_name
    --wapassword wauser_password

AgentCertificateDownloader parameters

--? | --usage | --help
Displays the command usage and exits.
--propfile | --f [properties_file]
Optionally specify a properties file containing custom values for AgentCertificateDownloader parameters. The default file is located in the root directory of the installation image.
Specifying a properties file is suggested if you have a high number of parameters which require custom values. You can also reuse the file with minimal modification for several installations. If you create a custom properties file, specify its name and path with the -f parameter.
General information
--work_dir working_dir
The working directory used to store the waCertificates.zip file returned by the command. This compressed file contains the certificates in .PEM format retrieved from the master domain manager. This parameter is required and no default value is provided.
--displayname name
Specify the name assigned to the agent.
--tdwbhostname host_name
The fully qualified host name or IP address of the broker server to which the agent is connected. This parameter is optional. The default value is localhost.
--tdwbport tdwbport_number
Specify the port of the broker server to which the agent is connected. This parameter is optional. The default value is 31116.
--wauser wauser_name
The user for which you have installed the master domain manager to which the agent is connecting. By providing this information, you enable HCL Workload Automation to download and deploy the certificates in .PEM format already available on the master domain manager to enable secure communication.
--wapassword wauser_password
The password for the user for which you have installed the master domain manager to which the agent is connecting. By providing this information, you enable HCL Workload Automation to download and install the certificates in .PEM format already available on the master domain manager to enable secure communication.

You can also use the --wapassword and --wauser parameters to specify a user different from the user which installed the master domain manager by using an ACL, as described in Downloading certificates using a different user.

For more information about the typical installation procedure, see Typical installation scenario.