You need to enable SSL mode with a certificate for the PostgreSQL database connection in AutoSys and Workload Control Center (WCC) to meet security compliance requirements․​​​​​‌​‍

SYMPTOMS:

• The AutoSys database connection currently uses non-SSL username and password authentication

• A requirement exists to encrypt the database connection using SSL while maintaining password authentication

CONTEXT: This configuration applies when switching an existing non-SSL PostgreSQL connection to an SSL-encrypted connection
IMPACT: Ensures secure, encrypted communication between AutoSys, WCC, and the PostgreSQL database

Autosys Workload Automation (AutoSys)
Workload Control Center (WCC)

Environment:

• OS: Linux

• Database: PostgreSQL

• Application: AutoSys Workload Automation 24․X, Workload Control Center (WCC) 24․X

ROOT CAUSE:
The initial installation used standard password authentication without SSL encryption․ 
Manual configuration is required to transition to an SSL-encrypted connection․

PREREQUISITES:

• PostgreSQL Database Server certificates (server․crt and server․key) are available on the AutoSys and WCC machines

• Administrator access to the AutoSys and WCC servers

STEPS:

Step 1․ CONFIGURE AUTOSYS SCHEDULER FOR SSL

Path: $AUTOSYS/config․<InstanceID>

Update the configuration file with the following lines:
DBSSLMode=allow
DBSSLRootCertificatePath=
DBSSLClientCertificatePath=<Full path to PostgreSQL Database Server *․crt>
DBSSLClientCertificateKeyPath=<Full path to PostgreSQL Database Server *․key>
DBSSLClientCertificatePassphrase=

EXPECTED: The scheduler configuration is updated to allow SSL connections
NOTE: Restart the scheduler after making these changes

Step 2․ CREATE PKCS12 KEYSTORE FOR AUTOSYS APP SERVER

The App Server uses a JDBC connection and requires a pkcs12 keystore

Command: keytool -import -file server․crt -keystore server․pkcs12 -trustcacert

EXPECTED: A server․pkcs12 file is created
NOTE: The system prompts for a password․ Save this password for the next step

Step 3․ ENCRYPT KEYSTORE PASSWORD

Command: autosys_secure

Select Option 6 to encrypt the password used in the previous step to create the keystore

EXPECTED: An encrypted password string is generated

Step 4․ CONFIGURE AUTOSYS APP SERVER FOR SSL

Path: $AUTOSYS/config․<InstanceID>

Update the configuration file with the following lines:
JDBCSSLClientCertificateKeyPath=<Full Path to pkcs12 keystore>
JDBCSSLClientCertificatePassphrase=<Encrypted Password for keystore>

EXPECTED: The App Server is configured to use the JDBC SSL keystore

Step 5․ CONFIGURE WCC DATABASE CONNECTION

Command:
./wcc_config․sh -u <WCC ADMIN USER> -p <WCC ADMIN Password> -dbapp WCC --dbplatform postgresql --dbaccessmode password --dbname <DBANAME> --dbhost <FQDN For Database> --dbport 5432 --dbschemaname <SCHEMANAME> --dbsslmode allow --dbsslcert <Full path to PostgreSQL Database Server *․crt> --dbsslkey <Full path to PostgreSQL Database Server *․key> --dbuser <DBUSER> --dbpassword <DBPASSWORD>

EXPECTED: The WCC application database connection is updated to use SSL NOTE: Database names are case-sensitive

Step 6․ CONFIGURE WCC REPORTING DATABASE CONNECTION

Command:
./wcc_config․sh -u <WCC ADMIN USER> -p <WCC ADMIN Password> -dbapp REPORTING --dbplatform postgresql --dbaccessmode password --dbname <DBANAME> --dbhost <FQDN For Database> --dbport 5432 --dbschemaname <SCHEMANAME> --dbsslmode allow --dbsslcert <Full path to PostgreSQL Database Server *․crt> --dbsslkey <Full path to PostgreSQL Database Server *․key> --dbuser <DBUSER> --dbpassword <DBPASSWORD>

EXPECTED: The WCC Reporting application database connection is updated to use SSL

Step 7․ RESTART WCC SERVICES

EXPECTED: WCC services start successfully using the new SSL database connections

VERIFY SUCCESS:

• AutoSys scheduler connects to the database without errors

• AutoSys App Server connects successfully using the JDBC keystore

• WCC and Reporting interfaces load and function correctly

KNOWN LIMITATIONS:

• The SSL certificates for the PostgreSQL database must be present locally on the AutoSys and WCC machine