Overview
Overview of the Dynamic Workload Console SSL connection
To implement the RMI/IIOP over SSL communication between the Dynamic Workload Console and the SOAP internal communication of master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent with distributed connector, you use the server and client security features of WebSphere Application Server.
The SSL security paradigm implemented in the WebSphere Application Server requires two stores to be present on the clients and the server: a keystore containing the private key and a truststore containing the certificates of the trusted counterparts.
Figure 1 shows the server and client keys, and where they must be exported for the Dynamic Workload Console:
Figure 1. SSL server and client keys
The diagram shows the keys that the Dynamic Workload Console and the components that have a distributed connector must extract and distribute to enable SSL communication.
The Dynamic Workload Console interface uses the default certificates that are installed in the default keystores to communicate with the agent with distributed connector.
You can configure the Dynamic Workload Console to connect in SSL mode with an agent with distributed connector by using your own certificates to meet your required security settings. In addition to creating new keys, you can also customize the name, location, and password of the keystore and truststore. For details about the possibilities, see Table 1.
File | Name | Path | Password | New key |
---|---|---|---|---|
TWS server keystore | ✓ | ✓ | ✓ | ✓ |
TWS server truststore | ✓ | ✓ | ✓ | ✓ |
TWS client keystore | ✓ | | | |
TWS client truststore | ✓ | | | |
TDWC client keystore | ✓ | | | |
TDWC client truststore | ✓ | | | |
When you are customizing the Dynamic Workload Console settings, make sure that the keys have the same password as the
keystore where they are saved. The Dynamic Workload Console keystore password must be the same as the Dynamic Workload Console client and HCL Workload Automation server password.
Note: When you configure the Dynamic Workload Console to connect to different agents with distributed connector, the Dynamic Workload Console truststore must have a certificate for each connector to enable
SSL connection.
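One way to check the note above before switching the connection to SSL, as an added example that is not part of the HCL documentation: the script compares a saved `keytool -list` listing of the Dynamic Workload Console truststore with the certificate fingerprint you expect for each connector. The function names, the two input file layouts, and the sample aliases and fingerprints are assumptions constructed for illustration, and the listing is assumed to carry SHA-256 fingerprints.

```bash
# Added example, not HCL code. Assumes `keytool -list` output with SHA-256
# fingerprints (JDK 9 or later); all names and sample values are constructed.
# check_connectors LISTING EXPECTED
#   LISTING  : saved output of `keytool -list -keystore <truststore>`
#   EXPECTED : lines of "<connector-name> <sha256-fingerprint>"
# Prints "OK <name> alias=<alias>" or "MISSING <name>" for each connector and
# returns 1 if any connector has no matching certificate in the listing.
check_connectors() {
  local listing=$1 expected=$2 pairs name fp want found rc=0
  # keytool prints "<alias>, <date>, <entry type>," then the fingerprint line.
  pairs=$(awk '
    /Entry,[ \t\r]*$/ { alias = $0; sub(/,.*/, "", alias); next }
    /fingerprint \(SHA-256\):/ {
      fp = $NF; gsub(/[^0-9A-Fa-f]/, "", fp); print toupper(fp), alias
    }' "$listing")
  while read -r name fp; do
    case $name in ''|'#'*) continue ;; esac
    # Normalise the expected value the same way: hex digits only, upper case.
    want=$(printf '%s' "$fp" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F')
    # Force a string comparison so hex that looks numeric is not coerced.
    found=$(printf '%s\n' "$pairs" | awk -v w="$want" \
      'w != "" && ($1 "") == (w "") { sub(/^[^ ]+ /, ""); print; exit }')
    if [ -n "$found" ]; then
      printf 'OK %s alias=%s\n' "$name" "$found"
    else
      printf 'MISSING %s\n' "$name"; rc=1
    fi
  done < "$expected"
  return "$rc"
}

# Constructed sample: truncated fingerprints, not taken from a real system.
demo() {
  local dir rc=0; dir=$(mktemp -d)
  cat > "$dir/listing.txt" <<'EOF'
mdm, Jan 10, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 55:EE:66:FF
agent-a, Jan 10, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:AA:22:BB
EOF
  cat > "$dir/expected.txt" <<'EOF'
mdm      55:ee:66:ff
agent-a  11AA22BB
agent-b  33:CC:44:DD
EOF
  check_connectors "$dir/listing.txt" "$dir/expected.txt" || rc=$?
  rm -rf "$dir"; return "$rc"
}
demo || echo "truststore lacks a certificate for at least one connector"
```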