ESP Workstation fails to connect to any of the ESP subsystem ports that are now secured via AT-TLS through PAGENT.  Workstation shows messages is "Failed to open a connection!". 

Error Information from ESP Workstation trace:

14:20:41.599:[receive][XXX.11.30.15: 4004] [creating WSSecureSocket]
14:20:41.699:[winsock][XXX.11.30.15: 4004] [Connect: IsConnected]
14:20:41.842:[winsock][XXX.11.30.15: 4004] [WSSecureSocket::SubscribeConnection - Error occured:]
14:20:41.842:[winsock][XXX.11.30.15: 4004] [SSL_connect rc: -1, ERR_get_error() rc: 337047686, SSL_get_error() rc: 1]
14:20:41.842:[winsock][XXX.11.30.15: 4004] [SSL VERSION: OpenSSL 1.1.1s  1 Nov 2022, SSL ERROR: SSL_ERROR_SSL]
14:20:41.842:[winsock][XXX.11.30.15: 4004] [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed]
14:20:41.842:[winsock][XXX.11.30.15: 4004] [WSSecureSocket - Certificate verification failed with rc: 62]
14:20:41.843:[winsock][XXX.11.30.15: 4004] [done]

Release : 12.0

The failure with RC 62 was caused by the hostname mismatch. As the doc link below, the same IP address or DNS name should be used on Workstation connection manager:

As workaround, you can use stunnel installed on the Windows system to work with TLS.

Workstation configuration

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-workload-automation-esp-edition/12-0/securing/tcp-ip-security/tls-encryption-for-esp-workstation-server-and-client.html