Configuring your master domain manager and dynamic domain manager in SSL mode

By default, starting from version 10.1 master domain manager and dynamic domain manager are installed in SSL mode.

If you are upgrading from a version earlier than 10.1 and want to set up your master domain manager and dynamic domain manager in SSL mode, perform the following steps:

1. Install the master domain manager or upgrade your current master domain manager to the latest version, for example version 10.2.
2. Stop Open Liberty, as described in Application server - starting and stopping.
3. Replace the values of the following parameters in the localopts file with the following values:
   • nm SSL full port = 31113
   • SSL key =TWA_home/TWS/ssl/OpenSSL/TWSClient.key
   • SSL certificate = TWA_home/TWS/ssl/OpenSSL/TWSClient.cer
   • SSL key pwd = TWA_home/TWS/ssl/OpenSSL/password.sth
   • SSL CA certificate = TWA_home/TWS/ssl/OpenSSL/TWSTrustCertificates.cer
   • SSL random seed =TWA_home/TWS/ssl/OpenSSL/TWS.rnd
   • SSL Encryption Cipher = TLSv1.2
   For more information about the localopts file, see Setting local options
4. Modify the master domain manager and dynamic domain manager using the composer mod command, as follows:

   CCPUNAME your_master_domain_manager_workstation
   
     DESCRIPTION "MANAGER CPU"
   
     OS UNIX
   
     NODE localhost TCPADDR 31111
   
     SECUREADDR 31113
   
     DOMAIN MASTERDM
   
     FOR MAESTRO
   
       TYPE MANAGER
   
       AUTOLINK ON
   
       BEHINDFIREWALL OFF
   
       SECURITYLEVEL FORCE_ENABLED
   
       FULLSTATUS ON
   
   END

   CPUNAME your_broker_workstation
   
     DESCRIPTION "This workstation was automatically created."
   
     OS OTHER
   
     NODE localhost TCPADDR 41114
   
     SECUREADDR 41114
   
     DOMAIN MASTERDM
   
     FOR MAESTRO
   
       TYPE BROKER
   
       AUTOLINK ON
   
       BEHINDFIREWALL OFF
   
       SECURITYLEVEL FORCE_ENABLED
   
       FULLSTATUS OFF
   
   END

5. Modify the Broker.Workstation.PortSSL parameter in the BrokerWorkstation.properties file from false to true.

   The Broker.Workstation.PortSSL parameter specifies the port used by the broker server to listen to the incoming traffic (equivalent to the Netman port) in SSL mode. It is first assigned at installation time. This port number must always be the same for all the broker servers that you define in your HCL Workload Automation network (one with the master domain manager and one with every backup master domain manager you install) to ensure consistency when you switch masters.

6. Start Open Liberty, as described in Application server - starting and stopping.
7. Stop and start all HCL Workload Automation processes.
8. Run

   Jnextplan -for 0000