Configuring your master domain manager and broker in SSL mode
About this task
- Install the master domain manager or upgrade your current master domain manager to the latest version, for example version 9.5.0.5.
- Replace the values of the following parameters in the
localopts file with the following values:
- nm SSL full port = 31113
- SSL key =TWA_home/TWS/ssl/OpenSSL/TWSClient.key
- SSL certificate = TWA_home/TWS/ssl/OpenSSL/TWSClient.cer
- SSL key pwd = TWA_home/TWS/ssl/OpenSSL/password.sth
- SSL CA certificate = TWA_home/TWS/ssl/OpenSSL/TWSTrustCertificates.cer
- SSL random seed =TWA_home/TWS/ssl/OpenSSL/TWS.rnd
- SSL Encryption Cipher = TLSv1.2
- Modify the master domain manager and broker using the composer mod command, as
follows:
CCPUNAME your_master_domain_manager_workstation DESCRIPTION "MANAGER CPU" OS UNIX NODE localhost TCPADDR 31111 SECUREADDR 31113 DOMAIN MASTERDM FOR MAESTRO TYPE MANAGER AUTOLINK ON BEHINDFIREWALL OFF SECURITYLEVEL FORCE_ENABLED FULLSTATUS ON END
CPUNAME your_broker_workstation DESCRIPTION "This workstation was automatically created." OS OTHER NODE localhost TCPADDR 41114 SECUREADDR 41114 DOMAIN MASTERDM FOR MAESTRO TYPE BROKER AUTOLINK ON BEHINDFIREWALL OFF SECURITYLEVEL FORCE_ENABLED FULLSTATUS OFF END
- Modify the Broker.Workstation.PortSSL parameter in the
BrokerWorkstation.properties file from
false to true.
The Broker.Workstation.PortSSL parameter specifies the port used by the broker server to listen to the incoming traffic (equivalent to the Netman port) in SSL mode. It is first assigned at installation time. This port number must always be the same for all the broker servers that you define in your HCL Workload Automation network (one with the master domain manager and one with every backup master domain manager you install) to ensure consistency when you switch masters.
- Stop and start WebSphere Application Server Liberty Base, as described in Application server - starting and stopping.
- Stop and start all HCL Workload Automation processes.
- Run
Jnextplan -for 0000