Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
Administration Guide
Connection security overview
Scenario: SSL Communication across the fault-tolerant agent network
Using SSL for netman and conman
Configuring the SSL connection protocol for the network

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority and generating certificates
      Sample steps to create a CA and generate default certificates.
    - SSL connection by using the default certificates
      The SSL connection between product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
      - Using SSL for netman and conman
        Setting up private keys and certificates
        Creating Your Own Certification Authority
        Creating private keys and certificates
        Configuring SSL attributes
        Configuring the SSL connection protocol for the network
        Configuring full SSL security
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Configuring the SSL connection protocol for the network

About this task

To configure SSL for your network, perform the following steps:

Create an SSL directory under the TWA_home/TWS directory. By default, the path DATA_DIR/ssl is registered in the localopts file. If you create a directory with a name different from ssl in the DATA_DIR directory, then update the localopts file accordingly. For example, if you decide to use the TWA_home/TWS/ssl/CustomSSL/ folder instead of the default one, you can modify localopts as follows:
```
SSL key	  ="TWA_HOME/TWS/ssl/CustomSSL/workstationname.key" 
SSL certificate	   ="TWA_HOME/TWS/ssl/CustomSSL/workstationname.crt"   
SSL key pwd	       ="TWA_HOME/TWS/ssl/CustomSSL/workstationname.sth"  
SSL CA certificate      ="TWA_HOME/TWS/ssl/CustomSSL/TWSTrustCertificates.cer" 
SSL random seed	   ="TWA_HOME/TWS/ssl/CustomSSL/workstationname.rnd" 
SSL Encryption Cipher   =HIGH
```
If you created multiple TWSca.crt,you can simply append the content of each of them on a new line of the TWSTrustCertificates.cer.
Copy openssl.cnf and openssl.exe to the SSL directory.
Create as many private keys, certificates, and trusted CA lists as you plan to use in your network. For more information, see Creating private keys and certificates.
For each workstation that will use SSL authentication:
- Update its definition in the HCL Workload Automation database with the SSL attributes. For more information, see Configuring SSL attributes.
- Add the SSL local options in the localopts file.
- Update the SSL port parameter. The value must match the value added to the corresponding definition in the HCL Workload Automation database:
```
# Netman SSL port
# the value "0" means port close
#

nm SSL port    =PORT_NUMBER
```
  For more information, see Setting up full SSL security.

Although you are not required to follow a particular sequence, these tasks must all be completed to activate SSL support.

In HCL Workload Automation, SSL support is available for the fault-tolerant agents only (including the master domain manager and the domain managers), but not for the extended agents. If you want to use SSL authentication for a workstation that runs an extended agent, you must specify this parameter in the definition of the host workstation of the extended agent.