HCL Workload Automation, Version 9.4

Setting localopts parameters for FIPS

About this task

To set your environment for FIPS, set the following local option on every HCL Workload Automation agent in the network.

SSL Fips enabled = yes

The following example applies to a Windows agent. Set the following local options for the engine:

SSL keystore file = "<TWA_home>\TWS\ssl\GSKit\TWSClientKeyStore.kdb"
SSL certificate keystore label = "client"
SSL keystore pwd = "<TWA_home>\TWS\ssl\GSKit\TWSClientKeyStore.sth"

where <TWA_home> is the installation directory of the instance of HCL Workload Automation where the agent is installed.

Set the following local options for the CLI:

CLI SSL keystore file =
"<TWA_home>\TWS\ssl\GSKit\TWSClientKeyStore.kdb"
CLI SSL certificate keystore label = "client"
CLI SSL keystore pwd =
"<TWA_home>\TWS\ssl\GSKit\TWSClientKeyStore.sth"

where <TWA_home> is the installation directory of the instance of HCL Workload Automation where the agent is installed.

For more information about setting local options and the localopts file, see Setting local options.

Note: On Windows workstations, the user, SYSTEM, must have read-permissions to read the GSKit FIPS certificates.