Regenerate EEM Certificates for CA Workload Automation AE and CA Workload Control Center
search cancel

Regenerate EEM Certificates for CA Workload Automation AE and CA Workload Control Center

book

Article ID: 9957

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

After making changes to the EEM instance, it is recommended to regenerate the EEM certificates used by CA Workload Automation AE (Autosys) and CA Workload Control Center. 

Changes to your EEM instance can include (but are not limited to):

  • Upgrading the EEM version
  • Change EiamAdmin account password
  • Changing the certificate key lengths (1024 to 2048)
  • Changing the digest algorithm (SHA1 to SHA256)
  • Placing EEM within a failover/multi-write cluster

Environment

CA Embedded Entitlements Manager r12.x
CA Workload Automation AutoSys 12.x
CA Workload Control Center 12.x

Resolution

REGENERATE EEM CERTIFICATES FOR AUTOSYS
$autosys_secure
CA WAAE Security Utility
Please select from the following options:
[1] Revert to NATIVE instance security.
[2] Manage CA EEM security settings.
[3] Change database password.
[4] Change remote authentication method.
[5] Manage user@host or user@domain users.
[6] Get encrypted password.
[0] Exit CA WAAE Security Utility.
2

Manage CA EEM security settings
Please select from the following options:
[1] Manage CA EEM server settings.
[2] Manage cached credentials.
[9] Exit from "Manage CA EEM security settings" menu.
[0] Exit CA WAAE Security Utility.
1

Manage CA EEM server settings
Please select from the following options:
[1] Show current CA EEM server settings.
[2] Set CA EEM server location and regenerate certificate.
[3] Set unauthenticated user mode.
[9] Exit from "Manage CA EEM server settings" menu.
[0] Exit CA WAAE Security Utility.
2

 

Input the CA EEM server name(s) (or hit enter to cancel):  The EEM server hostname(s) [eem_server_1, eem_server_2 ]
Input the CA EEM administrator name (or hit enter to cancel):  EiamAdmin
Input the CA EEM administrator password: (the password will be hidden while you type)

Confirm the CA EEM administrator password: (the password will be hidden while you type)
 Note: Specify all EEM cluster nodes as comma separated values, in case of EEM Multi-Write configuration(eemserver1,eemserver2).

CAUAJM_I_60200 CA EEM certificate generated successfully.
CAUAJM_W_60190 The CA EEM server location remains unchanged.

  

Please select from the following options:
[1] Show current CA EEM server settings.
[2] Set CA EEM server location and regenerate certificate.
[3] Set unauthenticated user mode.
[9] Exit from "Manage CA EEM server settings" menu.
[0] Exit CA WAAE Security Utility.
>0

 

REGENERATE EEM CERTIFICATES FOR WCC
Navigate to $CA_WCC_INSTALL_LOCATION directory.
# This step is to back existing configuration
cp -rp data  data_backup

 

cd $CA_WCC_INSTALL_LOCATION/safex 
#Rename/move wcc.pem and wcc.key files,  if they exist here in this folder
## IssueCertificate.xml exists in $CA_WCC_INSTALL_LOCATION/safex

Issue the following command to generate new wcc.pem and wcc.key files:
./safex -h eem_hostname -u EiamAdmin -p password -f IssueCertificate.xml

The password (-p) is for EiamAdmin.
For example:
#./safex -h eem_server_1  -u EiamAdmin -p <EiamAdmin_user_password> -f IssueCertificate.xml

Setting Translation file:./safex.tr
Setting back end to "localhost"
Setting locale to "en_us"
OK: Successfully Authenticated
OK: action[Attach] with ApplicationInstance label[WCC0004]
OK: action[IssueCertificate] for ApplicationInstance label[WCC0004] user[]
OK: action[Detach] from ApplicationInstance label[WCC0004]
OK: Total objects Added 0
OK: Total objects Modified 0
OK: Total objects Removed 0
OK: Total objects Skipped 0
OK: Total objects Exported 0

#Ensure new wcc.pem and wcc.key files got generated by:
ls -al wcc*

#Change directory to data/config
cd $CA_WCC_INSTALL_LOCATION/data/config

#Rename/move the existing wcc.pem and wcc.key certificates.
rm -f wcc.key wcc.pem

#Copy the newly generated certificate wcc.pem and the key wcc.key files from $CA_WCC_INSTALL_LOCATION/safex to the current location ($CA_WCC_INSTALL_LOCATION/data/config)
cp -p $CA_WCC_INSTALL_LOCATION/safex/wcc.* $CA_WCC_INSTALL_LOCATION/data/config

#Set the file ownership permissions to the same as the previous files if needed.  owner should be same as rest of the files, 444 permissions are minimum

#Register the CA WCC to use new certificates
cd $CA_WCC_INSTALL_LOCATION/bin 
./wcc_config.sh -u ejmcommander -p ejmcommander --eemhostname eem_server_1, eem_server_2  --eemappid WCC0004 --eemcertname wcc.pem --eemcertkey wcc.key --eemadmin EiamAdmin --eempassword EiamAdmin_user_password
Note: Specify all EEM cluster nodes as comma separated values, in case of EEM Multi-Write configuration(eemserver1,eemserver2).

Logging in as 'ejmcommander' - SUCCESS
EEM server has been changed successfully.
 - FINISHED

The changes will be applied only after restart.
Execute the following command to restart the services.

-----------------------------------------------------------------------
unisrvcntr restart CA-wcc-services
-----------------------------------------------------------------------

As indicated in the command output, Restart the WCC services using the command 'unisrvcntr restart CA-wcc-services'

Additional Information

 

 

Powered by Wolken Software