Configuring SSL attributes
Use the composer command line or the Dynamic Workload Console to update the workstation definition in the database. See for further information.
- secureaddr
- Defines the port used to
listen for incoming SSL connections. This value is read when the securitylevel
attribute is set.
- For workload broker workstations
- Ignore this attribute.
- For remote engine workstations using HTTPS protocol to communicate with the remote engine
- Specify the HTTPS port number of the remote engine.
- For other types of workstations
- Specify the value assigned in the
localopts
file for variable nm ssl port. The value must be different value from the value assigned to nm port variable in thelocalopts
file.
If securitylevel is specified, but this attribute is missing, the default value for this field is
See Setting local options for information about SSL authentication and local options set in the31113
. Specify a value in the range from1
to65535
.TWS_home/localopts
configuration file. - securitylevel
- Specifies the type of SSL
authentication for the workstation. Do not specify this attribute for a workstation
with type
broker
. It can have one of the following values:- enabled
- The workstation uses SSL authentication only if its domain manager workstation or another fault-tolerant agent below it in the domain hierarchy requires it.
- on
- The workstation uses SSL authentication when it connects with its domain manager. The domain manager uses SSL authentication when it connects to its parent domain manager. The fault-tolerant agent refuses any incoming connection from its domain manager if it is not an SSL connection.
- force
- The workstation uses SSL authentication for all of its connections and accepts connections from both parent and subordinate domain managers.
- force_enabled
- The workstation uses SSL authentication for all of its connections to all target workstations which are set to this value. The workstation tries to establish a connection in FULLSSL mode and, if the attempt fails, it tries to establish an unsecure connection. If you plan to set different security levels between master domain manager and fault-tolerant agents, ensure all these components are at version 95 Fix Pack 4 or later. For versions earlier than 95 Fix Pack 4, the same security level is required for master domain manager and fault-tolerant agents.
If this attribute is omitted, the workstation is not configured for SSL connections and any value for secureaddr is ignored. Make sure, in this case, that the nm ssl port local option is set to 0 to ensure that netman process does not try to open the port specified in secureaddr. See Setting local options for information about SSL authentication and local options set in the
TWS_home/localopts
configuration file.The following table describes the type of communication used for each type of securitylevel setting.The value for securitylevel is not specified for dynamic workload broker workstations.Table 1. Type of communication depending on the security level value Value set on the Fault-tolerant Agent (or the Domain Manager) Value set on its Domain Manager (or on its Parent Domain Manager) Type of connection established Not specified Not specified TCP/IP Enabled Not specified TCP/IP On Not specified No connection Force Not specified No connection Not specified On TCP/IP Enabled On TCP/IP On On SSL Force On SSL Not specified Enabled TCP/IP Enabled Enabled TCP/IP On Enabled SSL Force Enabled SSL Not specified Force No connection Enabled Force SSL On Force SSL Force Force SSL
cpuname MYWIN
os WNT
node apollo
tcpaddr 30112
secureaddr 32222
for maestro
autolink off
fullstatus on
securitylevel on
end