Installing an SSL Server Certificate for WCC /eem when using Venafi, instead of keytool

Article ID: 246200

Products

Autosys Workload Automation

Issue/Introduction

Directions to install the WCC/EEM server certificates using Venafi, instead of keytool, when WCC and EEM are on the same machine.

Environment

Autosys: 12.X, 24.x
WCC
EEM

Resolution

Below are the steps to follow to install the WCC server certificates using Venafi, instead of keytool:

  1. Have your Certificate Authority generate the pfx certificate file using Venafi

  2. Go to the <main WCC directory>\data\config and rename the .keystore file to be .keystore.bkp

  3. Copy the pfx file that was generated in Step 1 into the <main WCC directory>\data\config directory

  4. Go to the <main WCC directory>\jre\bin on a command prompt and run the following command to list the certificates:

    keytool -list -keystore ..\..\data\config\<name of the pfx file used in Step 3> -storetype PKCS12 -v

  5. Go to the <main WCC directory>\tomcat\conf and make a backup of the server.xml file

  6. Edit the server.xml file and make the following changes:

    1. Go to the line starting with <Connector SSLEnabled="true" and search for keyAlias
    2. Change keyAlias="<name of the alias specified in your .pfx file>"
    3. Right after the keyAlias entry add a space and keystoreType="PKCS12"
    4. Change keystorePass="<password used for the certificate that was generated>"
    5. Change keystoreFile="<main WCC directory>\data\config\<name of pfx file>"
    6. Save the server.xml file

  7. Stop and restart the WCC processes
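
A check to run on the edited server.xml before restarting WCC in step 7, as an added example that is not part of the original article or of the product: it confirms that every SSLEnabled connector carries the four attributes from step 6, that keystoreType is PKCS12, that keyAlias matches the alias listed by keytool in step 4, and that keystoreFile no longer points at the renamed .keystore. The function name, the `C:\WCC` path, port 8443, the alias and the passwords are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

REQUIRED = ("keyAlias", "keystoreType", "keystorePass", "keystoreFile")

def check_ssl_connectors(server_xml_text, alias_in_pfx):
    """Return a list of problems in the SSLEnabled connectors ([] means OK)."""
    root = ET.fromstring(server_xml_text)
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ['no <Connector SSLEnabled="true"> element found']
    problems = []
    for conn in ssl:
        where = "Connector port=" + conn.get("port", "?")
        for attr in REQUIRED:
            if not conn.get(attr):
                problems.append(f"{where}: {attr} is missing or empty")
        ks_type = conn.get("keystoreType")
        if ks_type and ks_type.upper() != "PKCS12":
            problems.append(f"{where}: keystoreType is {ks_type}, not PKCS12")
        alias = conn.get("keyAlias")
        # Case-insensitive comparison is a choice made for this example.
        if alias and alias.lower() != alias_in_pfx.lower():
            problems.append(f"{where}: keyAlias {alias} is not the alias "
                            f"listed by keytool ({alias_in_pfx})")
        ks_file = conn.get("keystoreFile")
        if ks_file and PureWindowsPath(ks_file).name == ".keystore":
            problems.append(f"{where}: keystoreFile still points at .keystore")
    return problems

# Constructed samples: C:\WCC, port 8443, alias and passwords are placeholders.
BEFORE = r'''<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" keyAlias="tomcat"
             keystorePass="old-placeholder"
             keystoreFile="C:\WCC\data\config\.keystore"/>
</Service></Server>'''

AFTER = r'''<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" keyAlias="wcc-server"
             keystoreType="PKCS12" keystorePass="pfx-placeholder"
             keystoreFile="C:\WCC\data\config\wcc-server.pfx"/>
</Service></Server>'''

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_ssl_connectors(text, "wcc-server") or "OK")
```

Because step 6 writes keystorePass into server.xml as entered, keep read access to that file limited to the account that runs WCC.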

Below are the steps to follow to install the EEM server certificates using Venafi, instead of keytool:

  1. Copy the "<main WCC directory>\data\config\<name of pfx file>" to the igateway directory.

  2. Update the igateway.conf in the defaultport section with:

     <Connector name="defaultport">
       <port>5250</port>
       <mustlisten>true</mustlisten>
       <conntype/>
       <conntimeout>120</conntimeout>
       <peektimeout>30</peektimeout>
       <maxconnections>1000</maxconnections>
       <maxrequestbytes>10000000</maxrequestbytes>
       <maxpiperequests>10</maxpiperequests>
       <maxAcceptRate/>
       <certType>p12</certType>
       <certURI><name of pfx file></certURI>
       <certPW/>
       <keyURI/>
       <keyPW/>
       <secureProtocol/>
       <cipherlist/>
     </Connector>

  3. Save the file and exit

  4. Run ConfigTool to encrypt the keystore password into igateway.conf

    ./ConfigTool -munge -version 4.7.6.1 -comp igateway -conf igateway.conf -tag "TransportReceiver=HTTP;Connector=defaultport;certPW;" -passwd <Passwordforpfx file>

    Example output from successful run of above command:
    Operation Successful!!

  5. Start the iGateway Service
