HCL Workload Automation, Version 9.4

Locating the keystore files

About this task

To locate the keystore files, run the showSecurityProperties utility, described in the following section: Security properties: reference. Then make any changes to the name, location, password of the HCL Workload Automation server key or truststores, you must modify the configuration files which describe them.

Client key files for all components

The client key files for HCL Workload Automation master are described in the file: TWA_home/WAS/TWSprofile/properties/ssl.client.props. The client key files for the Dynamic Workload Console are described in the file:JazzSM_profile_dir/properties/ssl.client.props .

An example of it is as follows:

# KeyStore information
com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
com.ibm.ssl.keyStore=/opt/hcl/TWA0/WAS/TWSprofile/etc/
                                             TWSClientKeyFile.jks
com.ibm.ssl.keyStorePassword={xor}Ozo5PiozKw\=\=
com.ibm.ssl.keyStoreType=JKS
com.ibm.ssl.keyStoreProvider=IBMJCE
com.ibm.ssl.keyStoreFileBased=true

# TrustStore information
com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
com.ibm.ssl.trustStore=/opt/hcl/TWA0/WAS/TWSprofile/etc/
                                             TWSClientTrustFile.jks
com.ibm.ssl.trustStorePassword={xor}Ozo5PiozKw\=\=
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStoreProvider=IBMJCE
com.ibm.ssl.trustStoreFileBased=true

To modify the server key file names, paths, or passwords, modify the configuration files using the script changeSecurityProperties located in the TWA_home/TWS/wastool directory. For instructions on how to do this see Changing the security settings. The following is a sample of the input:

################################################################
SSL Panel
################################################################
alias=DefaultSSLSettings
keyFileName=${USER_INSTALL_ROOT}/etc/TWSServerKeyFile.jks
keyFilePassword=*****
keyFileFormat=JKS
trustFileName=${USER_INSTALL_ROOT}/etc/TWSServerTrustFile.jks
trustFilePassword=*****
trustFileFormat=JKS
clientAuthentication=false
securityLevel=HIGH
enableCryptoHardwareSupport=false

Important: The certificates for the Dynamic Workload Console have been changed and will expire after one year. To renew the certificates, follow the procedure explained in the following documentation: http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftsec_7renewcecacert.html.

The following table show the old and new name and path of HCL Workload Automation and Dynamic Workload Console certificates.

Table 1. Key and truststores
Store	Previous Certificate	Current Certificate Path
TWS server key store	`TWSServerKeyFile.jks`	`/opt/hcl/TWA0/WAS/TWSprofile/etc/TWSServerKeyFile.jks`
TWS server truststore	`TWSServerTrustFile.jks`	`/opt/hcl/TWA0/WAS/TWSprofile/etc/TWSServerTrustFile.jks`
TWS client key store	`TWSClientKeyFile.jks`	`/opt/hcl/TWA0/WAS/TWSprofile/etc/TWSClientKeyFile.jks`
TWS client truststore	`TWSClientTrustFile.jks`	`/opt/hcl/TWA0/WAS/TWSprofile/etc/TWSClientTrustFile.jks`
DWC server key store	`TWSServerKeyStore.jks`	`JazzSM profile dir/config/cells/JazzSMNode01Cell/nodes/JazzSMNode01/key.p12`
DWC server truststore	`TWSServerTrustStore.jks`	`JazzSM profile dir/config/cells/JazzSMNode01Cell/nodes/JazzSMNode01/trust.p12`
DWC client key store	`TWSClientKeyStore.jks`	`JazzSM profile dir/etc/key.p12`
DWC client truststore	`TWSClientTrustStore.jks`	`JazzSM profile dir/etc/trust.p12`