HCL Workload Automation, Version 9.4

SSL connection by using your certificates

You can configure the Dynamic Workload Console to connect in SSL mode with master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent with distributed connector by using your certificates.

About this task

You have the following environment:
Dynamic Workload Console installed on the DWC-WKS workstation:
  • The Dynamic Workload Console is installed in the <DWC_INST_DIR> directory.
  • The embedded WebSphere Application Server is installed in the <DWC_INST_DIR>\eWAS directory.
master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent with distributed connector installed on the TWS-WKS workstation:
  • The master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent with distributed connector is installed in the <TWS_INST_DIR> directory.
  • The embedded WebSphere Application Server is installed in the <TWS_INST_DIR>\eWas directory.
Note: The master domain manager, the backup master domain manager, the dynamic domain manager, backup dynamic domain manager or the agent with distributed connector is called agent with distributed connector. Also the keyword used during the keys creation is named agent. When you perform the procedure, you might insert a name that specifies the agent for which you are performing the procedure, i.e. Master for the master domain manager or ddm for the dynamic domain manager.
As described in Figure 1, in the WebSphere Application Server, you must create the following keys databases:
On the agent with distributed connector instance:
  • Agent Server key
  • Agent Server trust
  • Agent Client key
  • Agent Client trust
On the Dynamic Workload Console instance:
  • DWC Server key
  • DWC Server trust
  • DWC Client key
  • DWC Client trust
and then mutually export and import the keys and enable the WebSphere Application Server to work with the new certificates.
Quick steps procedure:
  1. Create the Agent Server key database, run 1.
  2. Create the Agent Server trust database, run 2.
  3. Create the Agent Client Key database, run 3.
  4. Create the Agent Client Trust database, run 4.
  5. Create the DWC Server Key database, run 5.
  6. Create the DWC Server Trust database, run 6.
  7. Create the DWC Client Key database, run 7.
  8. Create the DWC Client Trust database, run 8.
  9. Import the Signed certificates into the AgentServerTrust, run 9.
  10. Import the Signed certificates into theAgentClientTrust, run 10.
  11. Import the Signed certificates into the DWCServerTrust, run 11.
  12. Import the Signed certificates into the DWCClientTrust, run 12.
  13. Configure the new server key files in the HCL Workload Automation agent, run 13.
  14. Configure the new client files in the HCL Workload Automation agent, run 14.
  15. Configure the new server key files in the Dynamic Workload Console, run 15.
  16. Configure the new client files in the Dynamic Workload Console, run 16.
Run the following steps:
  1. Create the Agent Server key database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the TWS-AGENT agent.
    2. Run the <TWS_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the Agent Server key value: ServerAgentKey.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the ServerAgentKey.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the Key database information section on the IBM Key Management panel, you can see the <TWS_CERTS_DIR>\ServerAgentKey.jks just created. In the drop-down list, select Personal certificates and click New Self-Signed....
    9. Create the Self-Signed Certificate, by entering at least the following information in the Create New Self-Signed Certificate panel:
      Key Label
      Insert the TWSAgentServer value.
      Version
      Insert the X509 V3 value.
      Key Size
      Insert the 2048 value.
      Signature Algorithm
      Insert the SHA2WithRSA value.
      Common Name
      Insert the AgentServer value.
      Validity Period
      Insert the 365 value.
    10. Click OK. The twsagentsserver appears in the Personal certificates list.
    11. To create the certAgentServer.arm certificate, select the twsagentsserver in the Personal Certificates list and click Extract certificate.
    12. In the New panel, enter the following information:
      Data type:
      Select Base64-encoded ASCII data.
      Certificate file name:
      Insert the certAgentServer.arm value.
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the certAgentServer.arm file.
    13. Click OK.
  2. Create the Agent Server trust database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the TWS-AGENT agent.
    2. Run the <TWS_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the Agent Server trust value: ServerAgentTrust.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the ServerAgentTrust.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the drop-down list, select Signer certificates and Click Add to add the certAgentServer.arm created in 1.l.
    9. Enter the AgentServerTrust label for the certAgentServer.arm certificate. The AgentServerTrust appears in the Signer certificates list.
    10. Click OK.
  3. Create the Agent Client Key database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the HCL Workload Automation agent.
    2. Run the <TWS_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the Agent Client Key value: ClientAgentKey.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the ClientAgentKey.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the Key database information section on the IBM Key Management panel, you can see the <TWS_CERTS_DIR>\ClientAgentKey.jks just created. In the drop-down list, select Personal certificates and click New Self-Signed....
    9. Create the Self-Signed Certificate, by entering at least the following information in the Create New Self-Signed Certificate panel:
      Key Label
      Insert the TWSAgentClient value.
      Version
      Insert the X509 V3 value.
      Key Size
      Insert the 2048 value.
      Signature Algorithm
      Insert the SHA2WithRSA value.
      Common Name
      Insert the AgentClient value.
      Validity Period
      Insert the 365 value.
    10. Click OK. The twsagentsClient appears in the Personal certificates list.
    11. To create the certAgentClient.arm certificate, select the twsagentsClient in the Personal Certificates list and click Extract certificate.
    12. In the New panel, enter the following information:
      Data type:
      Select Base64-encoded ASCII data.
      Certificate file name:
      Insert the certAgentClient.arm value.
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the certAgentClient.arm file.
    13. Click OK.
  4. Create the Agent Client Trust database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the TWS-AGENT agent.
    2. Run the <TWS_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the Agent Client Trust value: ClientAgentTrust.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the ClientAgentTrust.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the drop-down list, select Signer certificates and Click Add to add the certAgentClient.arm created in 3.l.
    9. Enter the ClientAgentTrust label for the certAgentClient.arm certificate. The ClientAgentTrust appears in the Signer certificates list.
    10. Click OK.
  5. Create the DWC Server Key database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the DWC Dynamic Workload Console.
    2. Run the <DWC_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the DWC Server Key value: ServerDWCKey.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name where you want to save the ServerDWCKey.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the Key database information section on the IBM Key Management panel, you can see the <TWS_CERTS_DIR>\ServerDWCKey.jks just created. In the drop-down list, select Personal certificates and click New Self-Signed....
    9. Create the Self-Signed Certificate, by entering at least the following information in the Create New Self-Signed Certificate panel:
      Key Label
      Insert the TWSDWCServer value.
      Version
      Insert the X509 V3 value.
      Key Size
      Insert the 2048 value.
      Signature Algorithm
      Insert the SHA2WithRSA value.
      Common Name
      Insert the DWCServer value.
      Validity Period
      Insert the 365 value.
    10. Click OK. The twsDWCserver appears in the Personal certificates list.
    11. To create the certDWCServer.arm certificate, select the twsDWCsserver in the Personal Certificates list and click Extract certificate.
    12. In the New panel, enter the following information:
      Data type:
      Select Base64-encoded ASCII data.
      Certificate file name:
      Insert the certDWCServer.arm value.
      Location
      Insert the <DWC_CERTS_DIR> directory name where you want to save the certDWCServer.arm file.
    13. Click OK.
  6. Create the DWC Server Trust database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the DWC Dynamic Workload Console.
    2. Run the <DWC_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the DWC Server Trust value: ServerDWCTrust.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name where you want to save the ServerDWCTrust.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the drop-down list, select Signer certificates and Click Add to add the certDWCServer.arm created in 5.l.
    9. Enter the DWCServerTrust label for the certDWCServer.arm certificate. The certDWCServer appears in the Signer certificates list.
    10. Click OK.
  7. Create the DWC Client Key database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the DWC Dynamic Workload Console.
    2. Run the <DWC_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the DWC Client Key value: ClientDWCKey.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name where you want to save the ClientDWCKey.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the Key database informationsection on the IBM Key Management panel, you can see the <DWC_CERTS_DIR>\ClientDWCKey.jks just created. In the drop-down list, select Personal certificates and click New Self-Signed....
    9. Create the Self-Signed Certificate, by entering at least the following information in the Create New Self-Signed Certificate panel:
      Key Label
      Insert the TWSDWCClient value.
      Version
      Insert the X509 V3 value.
      Key Size
      Insert the 2048 value.
      Signature Algorithm
      Insert the SHA2WithRSA value.
      Common Name
      Insert the DWCClient value.
      Validity Period
      Insert the 365 value.
    10. Click OK. The twsDWCClient appears in the Personal certificates list.
    11. To create the certDWCClient.arm certificate, select the twsDWCClient in the Personal Certificates list and click Extract certificate.
    12. In the New panel, enter the following information:
      Data type:
      Select Base64-encoded ASCII data.
      Certificate file name:
      Insert the certDWCClient.arm value.
      Location
      Insert the <TWS_CERTS_DIR> directory name where you want to save the certDWCClient.arm file.
    13. Click OK.
  8. Create the DWC Client Trust database:
    1. Log on as Administrator on Windows operating systems or as root on UNIX and Linux operating systems, on the machine where you installed the DWC Dynamic Workload Console.
    2. Run the <DWC_INST_DIR>\eWas\java\jre\bin\ikeyman command or use the ikeyman command provided by a Java instance on your machine.
    3. On the IBM Key Management panel, click Key Database File > New.
    4. In the New panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Insert the DWC Client Trust value: ClientDWCTrust.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name where you want to save the ClientDWCTrust.jks file.
    5. Click OK.
    6. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    7. Click OK.
    8. In the drop-down list, select Signer certificates and Click Add to add the certDWCClient.arm created in 7.l.
    9. Enter the DWCClientTrust label for the certDWCClient.arm certificate. The DWCClientTrust appears in the Signer certificates list.
    10. Click OK.
  9. Import the <TWS_CERTS_DIR>\certAgentClient.arm, <TWS_CERTS_DIR>\certAgentServer.arm, and <DWC_CERTS_DIR>\certDWCServer.arm certificates in the AgentServerTrust Signed certificates as described in Figure 1:
    1. Copy the <DWC_CERTS_DIR>\certDWCServer.arm certificate from the DWC-WKS workstation to the TWS-WKS workstation in the <TWS_CERTS_DIR> directory.
    2. Click Open to open the AgentServerTrust signed certificates created in the 2.i.
    3. In the Open panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Enter the <TWS_CERTS_DIR>\ServerAgentTrust.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name.
    4. Click OK.
    5. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    6. Click OK.
    7. Select the AgentServerTrust signed certificates created in the 2.i.
    8. Click Add to add the <TWS_CERTS_DIR>\certAgentClient.arm created in 3.l.
    9. Click OK.
    10. Click Add to add the <TWS_CERTS_DIR>\certAgentServer.arm created in 1.l.
    11. Click OK.
    12. Click Add to add the <DWC_CERTS_DIR>\certDWCServer.arm created in 5.l.
    13. Click OK.
  10. Import the <TWS_CERTS_DIR>\certAgentServer.arm certificate in the AgentClientTrust Signed certificates as described in Figure 1, by performing the following steps:
    1. Click Open to open the AgentClientTrust signed certificates created in the 4.i.
    2. In the Open panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Enter the <TWS_CERTS_DIR>\ClientAgentTrust.jks
      Location
      Insert the <TWS_CERTS_DIR> directory name.
    3. Click OK.
    4. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    5. Click OK.
    6. In the drop-down list, select Signed certificates.
    7. Select the AgentClientTrust signed certificates created in 4.i.
    8. Click Add to add the <TWS_CERTS_DIR>\certAgentServer.arm created in 1.l.
    9. Click OK.
  11. Import the <TWS_CERTS_DIR>\certAgentServer.arm, <DWC_CERTS_DIR>\certDWCServer.arm and <DWC_CERTS_DIR>\certDWCClient.arm certificates in the DWCServerTrust Signed certificates as described in Figure 1, by performing the following steps:
    1. Copy the <TWS_CERTS_DIR>\certAgentServer.arm certificate from the TWS-WKS workstation to the DWC-WKS workstation in the <DWC_CERTS_DIR> directory.
    2. Click Open to open the DWCServerTrust signed certificates created in the 6.i.
    3. In the Open panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Enter the <DWC_CERTS_DIR>\ServerDWCTrust.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name.
    4. Click OK.
    5. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    6. Click OK.
    7. In the drop-down list, select Signer certificates.
    8. Select the DWCServerTrust signed certificates created in the 6.i.
    9. Click Add to add the <DWC_CERTS_DIR>\certAgentServer.arm created in 1.l.
    10. Click OK.
    11. Select the DWCServerKey signed certificates created in the 5.l.
    12. Click Add to add the <DWC_CERTS_DIR>\certDWCServer.arm created in 5.l.
    13. Click OK.
    14. Click Add to add the <DWC_CERTS_DIR>\certDWCClient.arm created in 7.l.
    15. Click OK.
  12. Import the <DWC_CERTS_DIR>\certDWCServer.arm certificate in the DWCClientTrust Signed certificates as described in Figure 1, by performing the following steps:
    1. Click Open to open the DWCClientTrust signed certificates created in the 8.i.
    2. In the Open panel, enter the following information:
      Key database type
      Select the JKS type value.
      File Name
      Enter the <DWC_CERTS_DIR>\ClientDWCTrust.jks
      Location
      Insert the <DWC_CERTS_DIR> directory name.
    3. Click OK.
    4. In the Password prompt panel insert the password and confirm the same password. For example passw0rd.
    5. Click OK.
    6. In the drop-down list, select Signer certificates.
    7. Select the DWCClientTrust signed certificates created in the 8.i.
    8. Click Add to add the <DWC_CERTS_DIR>\certDWCServer.arm created in 5.l.
    9. Click OK.
  13. Configure the new server key files in the HCL Workload Automation agent with distributed connector:
    1. Stop the WebSphere Application Server on the HCL Workload Automation agent with distributed connector. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks.
    2. Run the following script:
      On Windows operating systems:
      showSecurityProperties.bat > My_Security.prop
      On UNIX and Linux operating systems:
      showSecurityProperties.sh > My_Security.prop
    3. In the My_Security.prop file SSL Panel section , insert the keyFileName name that you created in 1.d and trustFileName name that you created in 2.d:
      Note: Use / for Windows and UNIX operating systems.
      ################################################################
      SSL Panel
      ################################################################
      alias=NodeDefaultSSLSettings
      keyFileName=
      <TWS_CERTS_DIR>/ServerAgentKey.jks
      keyFilePassword=*****
      keyFileFormat=JKS
      trustFileName=
      <TWS_CERTS_DIR>/ServerAgentTrust.jks
      trustFilePassword=*****
      trustFileFormat=JKS
      clientAuthentication=false
      securityLevel=HIGH
      enableCryptoHardwareSupport=false
      Note:
      • On Windows and UNIX operating systems, use the / in the keyfilename and trustFilename path.
      • Encrypt the password using the encryptProfileProperties utility. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks >encrypting the profile properties files for details on how to encrypt profile properties
    4. Modify the Security properties, by running the following script:
      On Windows operating systems:
      changeSecurityProperties.bat  My_Security.prop
      On UNIX and Linux operating systems:
      changeSecurityProperties.sh  My_Security.prop
  14. Configure the new client files in the HCL Workload Automation agent with distributed connector:
    1. Locate the following file:
      On Windows operating systems:
      <TWS_INST_DIR>\eWas\profiles\TIPProfile\properties\ssl.client.props
      On UNIX and Linux operating systems:
      <TWS_INST_DIR>/eWas/profiles/TIPProfile/properties/ssl.client.props
    2. In the ssl.client.props file, modify the KeyStore information and TrustStore information section, by insert the following values:
      # KeyStore information
      com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
      com.ibm.ssl.keyStore=<TWS_CERTS_DIR>/ClientAgentKey.jks
      com.ibm.ssl.keyStorePassword=passw0rd
      com.ibm.ssl.keyStoreType=JKS
      com.ibm.ssl.keyStoreProvider=IBMJCE
      com.ibm.ssl.keyStoreFileBased=true
      
      # TrustStore information
      com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
      com.ibm.ssl.trustStore=<TWS_CERTS_DIR>/ClientAgentTrust.jks
      com.ibm.ssl.trustStorePassword=passw0rd
      com.ibm.ssl.trustStoreType=JKS
      com.ibm.ssl.trustStoreProvider=IBMJCE
      com.ibm.ssl.trustStoreFileBased=true
      com.ibm.ssl.trustStoreReadOnly=false
      where
      com.ibm.ssl.keyStore
      Insert the <TWS_CERTS_DIR>/ClientAgentKey.jks file that you generated in 3.d.
      com.ibm.ssl.keyStorePassword
      Insert the password value that you used in 3.f.
      com.ibm.ssl.trustStore
      Insert the <TWS_CERTS_DIR>/ClientAgentTrust.jks file that you generated in 4.d.
      com.ibm.ssl.trustStorePassword
      Insert the password value that you used in 4.f.
      Note:
      • On Windows and UNIX operating systems, use the / in the keyfilename and trustFilename path.
      • Encrypt the password using the encryptProfileProperties utility. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks >encrypting the profile properties files for details on how to encrypt profile properties
    3. Start the WebSphere Application Server on the HCL Workload Automation agent with distributed connector. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks.
  15. Configure the new server key files in the Dynamic Workload Console:
    1. Stop the WebSphere Application Server on the Dynamic Workload Console. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks.
    2. Run the following script:
      On Windows operating systems:
      showSecurityProperties.bat > My_Security.prop
      On UNIX and Linux operating systems:
      showSecurityProperties.sh > My_Security.prop
    3. In the My_Security.prop file SSL Panel section , insert the keyFileName name that you created in 5.d and trustFileName name that you created in 6.d:
      ################################################################
      SSL Panel
      ################################################################
      alias=NodeDefaultSSLSettings
      keyFileName=
      <TWS_CERTS_DIR>/ServerDWCKey.jks
      keyFilePassword=passw0rd
      keyFileFormat=JKS
      trustFileName=
      <TWS_CERTS_DIR>/ServerDWCTrust.jks
      trustFilePassword=passw0rd
      trustFileFormat=JKS
      clientAuthentication=false
      securityLevel=HIGH
      enableCryptoHardwareSupport=false
      Note:
      • On Windows and UNIX operating systems, use the / in the keyfilename and trustFilename path.
      • Encrypt the password using the encryptProfileProperties utility. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks >encrypting the profile properties files for details on how to encrypt profile properties
    4. Modify the Security properties, by running the following script:
      On Windows operating systems:
      changeSecurityProperties.bat  My_Security.prop
      On UNIX and Linux operating systems:
      changeSecurityProperties.sh  My_Security.prop
  16. Configure the new client files in the Dynamic Workload Console:
    1. Locate the following file:
      On Windows operating systems:
      <DWC_INST_DIR>\eWas\profiles\TIPProfile\properties\ssl.client.props
      On UNIX and Linux operating systems:
      <DWC_INST_DIR>/eWas/profiles/TIPProfile/properties/ssl.client.props
    2. In the ssl.client.props file, modify the KeyStore information and TrustStore information sections, by insert the following values:
      # KeyStore information
      com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
      com.ibm.ssl.keyStore=<DWC_CERTS_DIR>/ClientDWCKey.jks
      com.ibm.ssl.keyStorePassword=passw0rd
      com.ibm.ssl.keyStoreType=JKS
      com.ibm.ssl.keyStoreProvider=IBMJCE
      com.ibm.ssl.keyStoreFileBased=true
      
      # TrustStore information
      com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
      com.ibm.ssl.trustStore=<DWC_CERTS_DIR>/ClientDWCTrust.jks
      com.ibm.ssl.trustStorePassword=passw0rd
      com.ibm.ssl.trustStoreType=JKS
      com.ibm.ssl.trustStoreProvider=IBMJCE
      com.ibm.ssl.trustStoreFileBased=true
      com.ibm.ssl.trustStoreReadOnly=false
      where
      com.ibm.ssl.keyStore
      Insert the <DWC_CERTS_DIR>/ClientDWCKey.jks file that you generated in 7.d.
      com.ibm.ssl.keyStorePassword
      Insert the password value that you used in 7.f.
      com.ibm.ssl.trustStore
      Insert the <DWC_CERTS_DIR>/ClientDWCTrust.jks file that you generated in 8.d.
      com.ibm.ssl.trustStorePassword
      Insert the password value that you used in 8.f.
      Note:
      • On Windows and UNIX operating systems, use the / in the keyfilename and trustFilename path.
      • Encrypt the password using the encryptProfileProperties utility. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks >encrypting the profile properties files for details on how to encrypt profile properties
    3. Start the WebSphere Application Server on the Dynamic Workload Console. For more information about this utility, see Administration Guide> Administrative tasks > Application server tasks.