SSL connection by using the default certificates
The SSL connection between the console and other product components is enabled by using the default certificates.
Before you begin
You can also create certificates starting from your .PEM files, as described in Connection security overview
About this task
You have the following environment:
- Dynamic Workload Console installed on the DWC-WKS workstation:
-
- The Dynamic Workload Console is installed in the <DWC_INST_DIR> directory.
- Master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager, or agent installed on the TWS-WKS workstation:
-
- The agent is installed in the <TWS_INST_DIR> directory.
By default the SSL connection between the Dynamic Workload Console and the component is enabled by using the default certificates. The default password associated with each of the default keystores is default. The SSL connection has the following default certificates:
The master domain manager uses two keystores in
.jks format: a private key keystore and a trusted key keystore:
- On Windows systems
-
- Private keys keystore
- <TWA_home>\usr\servers\engineServer\resources\security\TWSServerKeyFile.jks
- Trusted keys keystore
- <TWA_home>\usr\servers\engineServer\resources\security\TWSServerTrustFile.jks
- On UNIX systems
-
- Private keys keystore
- <TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerKeyFile.jks
- Trusted keys keystore
- <TWA_DATA_DIR>/usr/servers/engineServer/resources/security/TWSServerTrustFile.jks
The dynamic agent uses two keystores,
one in CMS format (.kdb) and a copy of this one in .jks
format. Both keystores contain both the private certificate and the trusted keys:
- On Windows systems
-
- .kdb keystore
- <TWA_home>\TWS\ITA\cpa\ita\cert\TWSClientKeyStore.kdb
- .jks keystore
- <TWA_home>\TWS\ITA\cpa\ita\cert\TWSClientKeyStoreJKS.jks
- On UNIX systems
-
- .kdb keystore
- <TWA_DATA_DIR>/ITA/cpa/ita/cert/TWSClientKeyStore.kdb
- .jks keystore
- <TWA_DATA_DIR>/ITA/cpa/ita/cert/TWSClientKeyStoreJKS.jks
Note: The default certificates are not used for the Dynamic Workload Console client authentication.
Authentication on the Client is managed by a user ID and password.