Installing an SSL Server Certificate for WCC /eem when using Venafi, instead of keytool
book
Article ID: 246200
calendar_today
Updated On:
Products
Autosys Workload Automation
Issue/Introduction
Directions to install the WCC/ EEM server certificates, when they are on the same machine, using Venafi, instead of keytool.
Environment
Autosys: 12.X, 24.x WCC EEM
Resolution
Below are the steps to follow to install the WCC server certificates using Venafi, instead of keytool
Have your Certificate Authority generate the pfx certificate file using Venafi
Go to the <main WCC directory>\data\config and rename the .keystore file to be .keystore.bkp
Copy the pfx file that was generated in Step 1 into the <main WCC directory>\data\config directory
Go to the <main WCC directory>\jre\bin on a command prompt and run the following command to list the certificates: keytool -list -keystore ..\..\data\config\<name of the pfx file used in Step 3> -storetype PKCS12 -v
Go to the <main WCC directory>\tomcat\conf and make a backup of the server.xml file
Edit the server.xml file and make the following changes:
Go to the line starting with <Connector SSLEnabled="true" and search for keyAlias
Change keyAlias="<name of the alias specified in your .pfx file>"
Right after the keyAlias entry add a space and keystoreType="PKCS12"
Change keystorePass="<password used for the certificate that was generated>"
Change keystoreFile="<main WCC directory>\data\config\<name of pfx file>"
Save the server.xml file
Stop and restart the WCC processes
Below are the steps to follow to install the EEM server certificates using Venafi, instead of keytool
Copy the "<main WCC directory>\data\config\<name of pfx file>" to the igateway directory.
Update the igateway.conf in the defaultport section with: <Connector name="defaultport"> <port>5250</port> <mustlisten>true</mustlisten> <conntype/> <conntimeout>120</conntimeout> <peektimeout>30</peektimeout> <maxconnections>1000</maxconnections> <maxrequestbytes>10000000</maxrequestbytes> <maxpiperequests>10</maxpiperequests> <maxAcceptRate/> <certType>p12</certType> <certURI><name of pfx file></certURI> <certPW/> <keyURI/> <keyPW/> <secureProtocol/> <cipherlist/> </Connector>
Save the file and exit
Run configtool to encrypt the keystore password into igateway.conf