Regenerate EEM Certificates for CA Workload Automation AE and CA Workload Control Center

Article ID: 9957


Products

CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

After making changes to your EEM instance, it is recommended to regenerate the EEM certificates used by CA Workload Automation AE (AutoSys) and CA Workload Control Center.

Changes to your EEM instance can include (but are not limited to):

  • Upgrading the EEM version
  • Changing the EiamAdmin account password
  • Changing the certificate key lengths (1024 to 2048)
  • Changing the digest algorithm (SHA1 to SHA256)
  • Placing EEM within a failover/multiwrite cluster



Environment

CA Embedded Entitlements Manager r12.x

CA Workload Automation AE r11.3.5 and higher

CA Workload Control Center r11.4 and higher

Resolution

REGENERATE EEM CERTIFICATES FOR AUTOSYS

$autosys_secure

CA WAAE Security Utility

Please select from the following options:

[1] Revert to NATIVE instance security.

[2] Manage CA EEM security settings.

[3] Change database password.

[4] Change remote authentication method.

[5] Manage user@host or user@domain users.

[6] Get encrypted password.

[0] Exit CA WAAE Security Utility.

2

 

Manage CA EEM security settings

 

Please select from the following options:

[1] Manage CA EEM server settings.

[2] Manage cached credentials.

[9] Exit from "Manage CA EEM security settings" menu.

[0] Exit CA WAAE Security Utility.

1

 

Manage CA EEM server settings

 

Please select from the following options:

[1] Show current CA EEM server settings.

[2] Set CA EEM server location and regenerate certificate.

[3] Set unauthenticated user mode.

[9] Exit from "Manage CA EEM server settings" menu.

[0] Exit CA WAAE Security Utility.

2

 

Input the CA EEM server name(s) (or hit enter to cancel):  The EEM server hostname(s) [eem_server_1, eem_server_2 ]

Input the CA EEM administrator name (or hit enter to cancel):  EiamAdmin

Input the CA EEM administrator password: (the password will be hidden while you type)

 

Confirm the CA EEM administrator password: (the password will be hidden while you type)

 Note: In an EEM Multi-Write configuration, specify all EEM cluster nodes as comma-separated values (eemserver1,eemserver2) when prompted for the server name(s).

 

CAUAJM_I_60200 CA EEM certificate generated successfully.

CAUAJM_W_60190 The CA EEM server location remains unchanged.

  

Please select from the following options:

[1] Show current CA EEM server settings.

[2] Set CA EEM server location and regenerate certificate.

[3] Set unauthenticated user mode.

[9] Exit from "Manage CA EEM server settings" menu.

[0] Exit CA WAAE Security Utility.

>0

 

REGENERATE EEM CERTIFICATES FOR WCC

Navigate to $CA_WCC_INSTALL_LOCATION directory.

# This step backs up the existing configuration

cp -rp data  data_backup

 

cd $CA_WCC_INSTALL_LOCATION/safex 

# Rename or move the wcc.pem and wcc.key files if they already exist in this folder

# IssueCertificate.xml is located in $CA_WCC_INSTALL_LOCATION/safex

 

Issue the following command to generate new wcc.pem and wcc.key files:

./safex -h eem_hostname -u EiamAdmin -p password -f IssueCertificate.xml

The password (-p) is for EiamAdmin.

For example:

#./safex -h eem_server_1  -u EiamAdmin -p <EiamAdmin_user_password> -f IssueCertificate.xml

Setting Translation file:./safex.tr

Setting back end to "localhost"

 

Setting locale to "en_us"

 

OK:Successfully Authenticated

OK: action[Attach] with ApplicationInstance label[WCC0004]

OK: action[IssueCertificate] for ApplicationInstance label[WCC0004] user[]

OK: action[Detach] from ApplicationInstance label[WCC0004]

OK:Total objects Added 0

OK:Total objects Modified 0

OK:Total objects Removed 0

OK:Total objects Skipped 0

OK:Total objects Exported 0

 

# Verify that the new wcc.pem and wcc.key files were generated:

ls -al wcc*

 

#Change directory to data/config

cd $CA_WCC_INSTALL_LOCATION/data/config

# Remove the existing wcc.pem and wcc.key files (copies remain in the data_backup directory created earlier).

rm -f wcc.key wcc.pem

#Copy the newly generated certificate wcc.pem and the key wcc.key files from $CA_WCC_INSTALL_LOCATION/safex to the current location ($CA_WCC_INSTALL_LOCATION/data/config)

cp -p $CA_WCC_INSTALL_LOCATION/safex/wcc.* $CA_WCC_INSTALL_LOCATION/data/config

 

# If needed, set the file ownership and permissions to match the previous files. The owner should be the same as for the rest of the files in this directory; 444 permissions are the minimum.

 

# Register CA WCC to use the newly generated certificates

 

cd $CA_WCC_INSTALL_LOCATION/bin 

./wcc_config.sh -u ejmcommander -p ejmcommander --eemhostname eem_server_1,eem_server_2 --eemappid WCC0004 --eemcertname wcc.pem --eemcertkey wcc.key --eemadmin EiamAdmin --eempassword EiamAdmin_user_password

 Note: In an EEM Multi-Write configuration, specify all EEM cluster nodes as comma-separated values with no spaces (eemserver1,eemserver2).

Logging in as 'ejmcommander' - SUCCESS

 

EEM server has been changed successfully.

 - FINISHED

The changes will be applied only after restart.

Execute the following command to restart the services.

-----------------------------------------------------------------------

unisrvcntr restart CA-wcc-services

 

-----------------------------------------------------------------------

 

As indicated in the command output, restart the WCC services using the command 'unisrvcntr restart CA-wcc-services'.
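
The new wcc.pem and wcc.key can be checked right after the safex step, before they are copied into data/config, against the settings this article mentions (2048-bit key, SHA256 digest). The script below is an added example, not part of the vendor procedure. It assumes the openssl command is available, that wcc.pem is a PEM X.509 certificate with an RSA key, and that wcc.key is an unencrypted PEM private key; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): sanity-check a regenerated wcc.pem / wcc.key
# pair. Assumes PEM files, an unencrypted private key and the openssl CLI.

# Public-key size in bits as stated in the certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Signature algorithm name, e.g. sha256WithRSAEncryption.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds when the private key belongs to the certificate: the public key
# extracted from each file must be identical.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_wcc_pair CERT KEY [MIN_BITS]
# Prints each finding and returns non-zero if any check fails.
check_wcc_pair() {
    pem=$1; key=$2; min_bits=${3:-2048}; rc=0
    [ -s "$pem" ] && [ -s "$key" ] || { echo "FAIL: missing or empty file"; return 1; }
    pair_matches "$pem" "$key" || { echo "FAIL: $key does not match $pem"; rc=1; }
    bits=$(cert_bits "$pem")
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-?} bits, want >= $min_bits"; rc=1; }
    case $(cert_sigalg "$pem") in
        sha1*|md5*) echo "FAIL: weak signature digest"; rc=1 ;;
    esac
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $pem and $key are consistent"
    return "$rc"
}

# Usage, from $CA_WCC_INSTALL_LOCATION/safex after running safex:
#   check_wcc_pair wcc.pem wcc.key 2048
```

A failed match usually means one of the two files is left over from an earlier run, which is why the procedure moves any existing wcc.pem and wcc.key out of the safex folder first.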

Additional Information