SSL connection by using the default certificates
The SSL connection between product components is enabled by using the default certificates.
Before you begin
Communication between components in the HCL Workload Automation environment can be enabled by using default certificates.
You can also create custom certificates starting from your .pem files, as described in Connection security overview.
About this task
After you have chosen default or custom certificates when installing the master domain manager, the other components in the environment must comply to the same security model.
For all components in the HCL Workload Automation environment you need to copy the certificates from the master domain manager to the workstations where you plan to install the components, with the exception of dynamic agents and fault-tolerant agents. Both dynamic agents and fault-tolerant agents can log in to the master domain manager and download the certificates if you provide the wauser and wapassword parameters when installing.
If you want to use default certificates, perform the following steps:
Procedure
- Install the master domain manager specifying the sslpassword parameter when you run the serverinst script. This parameter indicates the password to be used for the default certificates, which are generated automatically and stored in the /depot directory on the master domain manager.
- Copy the certificates from the /depot directory on the master domain manager to the workstation where you plan to install the server component or the Dynamic Workload Console.
- Install server component or the Dynamic Workload Console specifying the sslkeysfolder and sslpassword parameters when you run the installation script. These parameters specify the path to the certificates you have copied locally from the master domain manager and the related password.
- Install dynamic agents and fault-tolerant agents specifying the wauser and wapassword parameters when you run the twsinst script. These parameters specify the credentials for accessing the master domain manager. The agent uses these credentials for downloading the certificates from the /depot directory on the master domain manager. If you need to download the certificates at a later time, specify the wauser and wapassword parameters when you run the AgentCertificateDownloader script.