Modify the Encryption Type
search cancel

Modify the Encryption Type


Article ID: 272371


Updated On:


CA Workload Automation AE


My client requested to change the encryption key.
I am doing it but it asks me:
if when changing the key, it is compatible with; 2048-bit minimum type RSA

And for the change, I am basing myself on this documentation: to-work-with-ca-wa-agent-for-unix-linux-windows-or-i5-os/modify-the-encryption-type-and-encryption-key-on-ca-workload-automation-ae. html



Autosys 12.x
System Agent 12.x


The encryption key you are talking about is for communication between the scheduler/app server and the agent.

The Encryption between these endpoints is not an HTTP SSL encryption.
There are three modes of encryption
default - which is a AES 128-bit encryption key with a standard encryption key used in the product
AES - This ia an AES 128-bit encryption using a custom key.

From the scheduler side, these are discussed here

For an overview of Application wide encryption please see the below link

There is no option for a 2048-bit RSA encryption method between the agent and the application server and scheduler.
You have an option of using None, Default or AES based on the explanation above,

Additional Information

Below are the steps you can follow to change the Pass Phrase used by a single system agent working with Autosys scheduler

1) Connect to the target agent and source the autosys environment
2) Go to the agent directory
3) Run the command such as this:
keygen NewPassPhrase12# AES cryptkey3.txt

The passphrase when working with Autosys Workload Automation needs to be exactly 16 characters.

4) This will create a new file called cryptkey3.txt
5) Edit the agentparmt.txt and change the entry
6) change the agentname
7) Go into WCC or use JIL to update the Agent definition agent and and security settings such as to match this new configuration.
update_machine: <MachineName> agent_name:WA_AGENT2 encryption_type: AES key_to_agent:NewPassPhrase12# 
8) Restart the agent service.
9) Test a job.

This should now have your agent using the new Pass Phrase you set up.

This does not change the encryption type or strength.