HCL Workload Automation, Version 9.4

Customizing the SSL connection between a master domain manager and a dynamic domain manager or its backup by using your certificates

About this task

The connection to the broker server installed with the dynamic domain manager requires the use of certificates from a certificate authority to provide authentication. In addition, the master domain managers and the backup master domain managers that communicate with the dynamic domain manager or the backup dynamic domain managers must be defined on the related broker server to ensure role-based authorization.

The examples in this section refer to a dynamic domain manager that communicates with a master domain manager, but the same configuration also applies when the dynamic domain manager communicates with any of the following components:
  • Master domain manager
  • Backup master domain manager (if any)
  • Backup dynamic domain manager (if any)

If you use the default certificates installed with the product, communication between all the components is established automatically.

When you install HCL Workload Automation, the default certificates provided ensure correct authentication and role-based authorization between the components. The default value for the certificate is Server on the master domain manager.

If you plan to use your own certificates rather than the default ones, follow the procedure below to enable communication between the components.

For example, the following procedure enables communication between a master domain manager and a dynamic domain manager.

Procedure
Procedure to enable the communication between a master domain manager and a dynamic domain manager:
  1. Modify the certificate on the master domain manager. For example, this procedure assumes that the common name present in the certificate on the master domain manager is mdm1.
  2. Deploy the certificate to the master domain manager and to the dynamic domain manager, as described in Setting connection security.
  3. Modify the list of common names on the dynamic domain manager, as follows:
    1. Browse to TWA_home/TDWB/config.
    2. Open the file BrokerWorkstation.properties.
    3. In the option Broker.AuthorizedCNs, define the common name for the authorized master domain manager. In this example:
      Broker.AuthorizedCNs=mdm1
      If you want to enable the communication with more than one master domain manager, separate each value with a semicolon. For example, you can define the following list:
      Broker.AuthorizedCNs=mdm;mdm1;mdm2
      This list ensures that all master domain managers with those common names can connect to the dynamic domain manager.
  4. Stop and start the dynamic domain manager to make the change effective, as follows:
    1. Use the wastool stopBrokerApplication.sh on UNIX and Linux or stopBrokerApplication.bat on Windows:
      stopBrokerApplication -user username -password password [-port portnumber]
      where username and password are the credentials used at installation. The parameter portnumber is optional; if it is not specified, the default is used.
    2. Use the wastool startBrokerApplication.sh on UNIX and Linux or startBrokerApplication.bat on Windows:
      startBrokerApplication -user username -password password [-port portnumber]
      where username and password are the credentials used at installation. The parameter portnumber is optional. If it is not specified, the default is used.
For more information, see BrokerWorkstation.properties file and Starting, stopping, and displaying dynamic workload broker status.
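
A check to run after step 3 and before the restart in step 4, added here as an example and not part of the product or its documentation: it reads Broker.AuthorizedCNs and tests a common name as an exact list entry, so that mdm is not accepted merely because mdm1 is listed. The function names, the sample file contents, the exact case-sensitive comparison, and taking the last definition of the key are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a certificate CN against Broker.AuthorizedCNs.
# The CN itself can be read from a PEM certificate with, for instance:
#   openssl x509 -in <your-cert.pem> -noout -subject
# (<your-cert.pem> is a placeholder for your own certificate file.)

# Print each authorized common name on its own line.
# $1 = path to BrokerWorkstation.properties
authorized_cns() {
    # Drop CRs (file edited on Windows), ignore commented-out lines,
    # take the last definition of the key (assumption), split on ';',
    # then trim blanks and discard empty entries such as a trailing ';'.
    tr -d '\r' < "$1" |
    sed -n 's/^[[:space:]]*Broker\.AuthorizedCNs[[:space:]]*=[[:space:]]*//p' |
    tail -n 1 |
    tr ';' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Return 0 only if $1 is an exact entry of the list in file $2.
# -F: literal string, -x: whole-line match, so "mdm" never matches "mdm1".
cn_is_authorized() {
    authorized_cns "$2" | grep -Fxq -- "$1"
}

# Write a constructed sample file (not a complete BrokerWorkstation.properties).
write_sample_properties() {
    printf '%s\n' \
        '# constructed sample for this example' \
        '#Broker.AuthorizedCNs=oldmdm' \
        'Broker.AuthorizedCNs=mdm;mdm1; mdm2 ;' > "$1"
}
```

On a real installation, pass TWA_home/TDWB/config/BrokerWorkstation.properties as the file argument and the common name from your master domain manager certificate as the CN.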