Overview
Overview of the Dynamic Workload Console SSL connection
To implement RMI/IIOP over SSL communication between the Dynamic Workload Console and the internal communication of the master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager, or agent, you use the server and client security features of WebSphere Application Server Liberty Base.
The SSL security paradigm implemented in WebSphere Application Server Liberty Base requires two stores to be present on the clients and the server: a keystore containing the private key and a truststore containing the certificates of the trusted counterparts.
The figure "SSL server and client keys" shows the server and client keys, and where they must be exported to for the Dynamic Workload Console.

[Figure: SSL server and client keys. The diagram shows the keys that the Dynamic Workload Console and the components must extract and distribute to enable SSL communication.]

The Dynamic Workload Console interface uses the default certificates that are installed in the default keystores to communicate with the agent. You can configure the Dynamic Workload Console to connect in SSL mode with an agent by using your own certificates to meet your required security settings.
In addition to creating new keys, you can also customize the name, location, and password of the keystore and truststore. For details about the possibilities, see Changes allowed in HCL Workload Automation keystore and truststore.
File | Name | Path | Password | New key |
---|---|---|---|---|
TWS server keystore | ✓ | ✓ | ✓ | ✓ |
TWS server truststore | ✓ | ✓ | ✓ | ✓ |
TWS client keystore | ✓ | |||
TWS client truststore | ✓ | |||
TDWC client keystore | ✓ | |||
TDWC client truststore | ✓ |
When you are customizing the Dynamic Workload Console settings, make sure that the keys have the same password as the keystore where they are saved.
The Dynamic Workload Console keystore password must be the same as the Dynamic Workload Console client and HCL Workload Automation server password.
Note: When you configure the Dynamic Workload Console to connect to different agents, the Dynamic Workload Console truststore must have a certificate for each component to enable the SSL connection.
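
The requirement in the note can be checked before you attempt a connection. The following script is an added example, not part of the product documentation: it assumes the truststore is in a format that the JDK `keytool` command can list, and the aliases, the sample listing, and the `STOREPASS` variable name are all hypothetical.

```shell
#!/bin/sh
# Added example. Aliases, paths and the STOREPASS variable are assumptions.

# Constructed sample of `keytool -list` output (English locale), for offline use.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

agent_a, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22 (constructed)
mdm, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55 (constructed)
dwc, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 66:77:88 (constructed)'

# Read a keytool listing on stdin; print the alias of each trustedCertEntry.
trusted_aliases() {
    awk -F', ' '/, trustedCertEntry,/ { print tolower($1) }'
}

# Print every expected alias (arguments) that has no trusted certificate in
# the listing on stdin. Returns 1 if any component is missing.
missing_components() {
    present=$(trusted_aliases)
    rc=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if ! printf '%s\n' "$present" | grep -Fxq -- "$want"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Check a real truststore. The password comes from the STOREPASS environment
# variable so that it does not appear on the command line.
check_truststore() {
    store=$1
    shift
    keytool -list -keystore "$store" -storepass:env STOREPASS |
        missing_components "$@"
}
```

Call `check_truststore` with the truststore path followed by one alias per component the console connects to. A private key entry such as `dwc` in the sample is reported as missing because only trusted certificate entries count.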