Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
Administration Guide
Connection security overview
Scenario: SSL Communication across the fault-tolerant agent network
Using SSL for netman and conman
Creating Your Own Certification Authority

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority and generating certificates
      Sample steps to create a CA and generate default certificates.
    - SSL connection by using the default certificates
      The SSL connection between product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
      - Using SSL for netman and conman
        Setting up private keys and certificates
        Creating Your Own Certification Authority
        Creating private keys and certificates
        Configuring SSL attributes
        Configuring the SSL connection protocol for the network
        Configuring full SSL security
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Creating Your Own Certification Authority

About this task

If you are going to use SSL authentication within your company's boundaries and not for outside internet commerce, you might find it simpler to create your own certification authority (CA) to trust all your HCL Workload Automation installations. To do so, follow the steps listed below.

Note: In the following steps, the names of the files created during the process TWS and TWSca are sample names. You can use your own names, but keep the same file extensions.

Choose a workstation as your CA root installation.
Type the following command from the SSL directory to initialize the pseudo random number generator, otherwise subsequent commands might not work.
- On UNIX™:
```
$ openssl rand -out TWS.rnd -rand ./openssl 8192
```
- On Windows™:
```
$ openssl rand -out TWS.rnd -rand ./openssl.exe 8192
```
Type the following command to create the CA private key:
```
$ openssl genrsa -out TWSca.key 2048
```

Type the following command to create a self-signed CA Certificate (X.509 structure):

$ openssl req -new -x509 -days 365 -key TWSca.key -out TWSca.crt -config ./
		openssl.cnf

Now you have a certification authority that you can use to trust all of your installations. If you want, you can create more than one CA.