Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 9.5 Fix Pack 7.
Administration Guide
Connection security overview
Scenario: SSL Communication across the fault-tolerant agent network
Using SSL for netman and conman
Configuring full SSL security
Setting up full SSL security

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 9.5 Fix Pack 7.
- Fix Pack readmes
  For the latest information about a Fix Pack, see the appropriate Readme File.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority
      How to create a CA and generate the key
    - SSL connection by using the default certificates
      The SSL connection between the console and other product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
      - Using SSL for netman and conman
        Setting up private keys and certificates
        Creating Your Own Certification Authority
        Creating private keys and certificates
        Configuring SSL attributes
        Configuring the SSL connection protocol for the network
        Configuring full SSL security
        Overview
        Setting up full SSL security
        Configuring full SSL support for internetwork dependencies
    - SSL command reference
      List of commands for managing certificates
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- Integrating
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Setting up full SSL security

About this task

To set full SSL connection security for your network, you must, in addition to all the steps described above in Connection security overview) configure the following options:

enSSLFullConnection (or sf)

Use optman on the master domain manager to set this global option to Yes to enable full SSL support for the network. For more information, see Setting global options.

nm SSL full port

If you defined the SSL port at installation time using the netmansslport parameter, no further action is required. For more information about the netmansslport parameter, see Agent installation parameters - twsinst script, Master components installation - serverinst script.

If you have not defined the SSL port at installation time, edit the localopts file on every agent of the network (including the master domain manager) to set this local option to the port number used to listen for incoming SSL connections. For more information, see Setting local options. Take note of the following:

This port number is to be defined also for the SECUREADDR parameter in the workstation definition of the agent.
In a full SSL security setup, the nm SSL port local option is to be set to zero.
You must stop netman (conman shut;wait) and restart it (StartUp) after making the changes in localopts.
Check that the securitylevel parameter in the workstation definition of each workstation using SSL is set at least to enabled.

Other than the changed value for secureaddr, no other changes are required in the workstation definitions to set up this feature.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.