Configuring your master domain manager and broker in SSL mode

About this task

If you plan to install your master domain manager, Version 9.5 Fix Pack 5 or later in SSL mode or plan to upgrade to Version 9.5 Fix Pack 5 or later and set up your master domain manager and broker in SSL mode, perform the following steps:
  1. Install the master domain manager or upgrade your current master domain manager to the latest version, for example version 9.5.0.5.
  2. Replace the values of the following parameters in the localopts file with the following values:
    • nm SSL full port = 31113
    • SSL key =TWA_home/TWS/ssl/OpenSSL/TWSClient.key
    • SSL certificate = TWA_home/TWS/ssl/OpenSSL/TWSClient.cer
    • SSL key pwd = TWA_home/TWS/ssl/OpenSSL/password.sth
    • SSL CA certificate = TWA_home/TWS/ssl/OpenSSL/TWSTrustCertificates.cer
    • SSL random seed =TWA_home/TWS/ssl/OpenSSL/TWS.rnd
    • SSL Encryption Cipher = TLSv1.2
    For more information about the localopts file, see Setting local options
  3. Modify the master domain manager and broker using the composer mod command, as follows:
    CCPUNAME your_master_domain_manager_workstation
    
      DESCRIPTION "MANAGER CPU"
    
      OS UNIX
    
      NODE localhost TCPADDR 31111
    
      SECUREADDR 31113
    
      DOMAIN MASTERDM
    
      FOR MAESTRO
    
        TYPE MANAGER
    
        AUTOLINK ON
    
        BEHINDFIREWALL OFF
    
        SECURITYLEVEL FORCE_ENABLED
    
        FULLSTATUS ON
    
    END
    CPUNAME your_broker_workstation
    
      DESCRIPTION "This workstation was automatically created."
    
      OS OTHER
    
      NODE localhost TCPADDR 41114
    
      SECUREADDR 41114
    
      DOMAIN MASTERDM
    
      FOR MAESTRO
    
        TYPE BROKER
    
        AUTOLINK ON
    
        BEHINDFIREWALL OFF
    
        SECURITYLEVEL FORCE_ENABLED
    
        FULLSTATUS OFF
    
    END
  4. Modify the Broker.Workstation.PortSSL parameter in the BrokerWorkstation.properties file from false to true.

    The Broker.Workstation.PortSSL parameter specifies the port used by the broker server to listen to the incoming traffic (equivalent to the Netman port) in SSL mode. It is first assigned at installation time. This port number must always be the same for all the broker servers that you define in your HCL Workload Automation network (one with the master domain manager and one with every backup master domain manager you install) to ensure consistency when you switch masters.

  5. Stop and start WebSphere Application Server Liberty Base, as described in Application server - starting and stopping.
  6. Stop and start all HCL Workload Automation processes.
  7. Run
    Jnextplan -for 0000