Certificates download to dynamic agents - AgentCertificateDownloader script
This script downloads and deploys certificates in .PEM format from the master domain manager to dynamic agents.
This section lists and describes the parameters that are used when running a AgentCertificateDownloader script to download and deploy certificates in .PEM format from the master domain manager to the dynamic agents in your environment.
When installing the agent with a fresh installation, you only need to provide the credentials to connect to the master domain manager using the wauser and wapassword parameters. The certificates in .PEM format are automatically downloaded and deployed to the agent without further intervention.
The script connects to master domain manager to retrieve the compressed file containing the certificates, and saves them to the working directory with name waCertificates.zip.
- On Windows operating systems
-
installation_directory\TWS\ssl\depot
- On UNIX operating systems
-
TWA_DATA_DIR/ssl/depot
- tls.sth
- The file storing your encoded password.
- tls.rnd
- The file containing the random seed to be used by OpenSSL.
- ca.crt
- The Certificate Authority (CA) public certificate.
- tls.key
- The private key for the instance to be installed.
- tls.crt
- The public part of the previous key.
If you use this parameter, ensure that the addjruntime parameter is set to true, because Java™ run time is required for defining custom certificates in .PEM format. This parameter is not supported on HCL Workload Automation Agent (also known as the agent with z-centric capabilities).
This parameter is mutually exclusive with the wauser and wapassword parameters, which are used to download and deploy the certificates already available on the master domain manager.
When running the command, you can type parameters and values from a properties file, type them in the command line, or use a combination of both properties file and command line. If a parameter is specified both in the properties file and in the command line, the command line value is used.
Syntax
- Certificate installation syntax on Windows operating systems
-
- Show command usage
-
cscript AgentCertificateDownloader.vbs -? | --usage | --help
- Retrieve the command parameters and values from a properties file
-
cscript AgentCertificateDownloader.vbs --file | -f [properties_file]
- General information
-
cscript AgentCertificateDownloader.vbs --work_dir working_dir [--displayname agent_name] --tdwbhostname host_name --tdwbport tdwbport_number --wauser wauser_name --wapassword wauser_password
- Certificate installation syntax on UNIX operating systems
-
- Show command usage
-
./AgentCertificateDownloader.sh --? | --usage | --help
- Retrieve the command parameters and values from a properties file
-
./AgentCertificateDownloader.sh --file | --f [properties_file]
- General information
-
./AgentCertificateDownloader.sh --work_dir working_dir [--displayname agent_name] --tdwbhostname host_name --tdwbport port_number --wauser wauser_name --wapassword wauser_password
AgentCertificateDownloader parameters
- --? | --usage | --help
- Displays the command usage and exits.
- --propfile | --f [properties_file]
- Optionally specify a properties file containing custom values for AgentCertificateDownloader parameters. The default file is located in the root directory of the installation image.
- --work_dir working_dir
- The working directory used to store the waCertificates.zip file returned by the command. This compressed file contains the certificates in .PEM format retrieved from the master domain manager. This parameter is required and no default value is provided.
- --displayname name
- Specify the name assigned to the agent.
- --tdwbhostname host_name
- The fully qualified host name or IP address of the broker server to which the agent is connected. This parameter is optional. The default value is localhost.
- --tdwbport tdwbport_number
- Specify the port of the broker server to which the agent is connected. This parameter is optional. The default value is 31116.
- --wauser wauser_name
- The user for which you have installed the master domain manager to which the agent is connecting. By providing this information, you enable HCL Workload Automation to download and deploy the certificates in .PEM format already available on the master domain manager to enable secure communication.
- --wapassword wauser_password
- The password for the user for which you have installed the master domain manager to which the agent is connecting. By providing this information, you enable HCL Workload Automation to download and install the certificates in .PEM format already available on the master domain manager to enable secure communication.
You can also use the --wapassword and --wauser parameters to specify a user different from the user which installed the master domain manager by using an ACL, as described in Downloading certificates using a different user.
For more information about the typical installation procedure, see Typical installation scenario.