How to Switch from Non-SSL to SSL for CA Workload Control Center (WCC), r11.3

Document ID : KB000017903
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Using the steps provided, along with the Customizing SSL in CA WCC r11.3 Guide, WCC can be switched from non-SSL mode to SSL mode.

Solution:

***IMPORTANT***

The installation of CA WCC on which this procedure is being performed must have had the Enable SSL option selected during installation.

Because your current install of WCC in non-SSL mode, you will need to re-install WCC and enable SSL mode. Any patches/maintenance you have in place may be wiped out. We recommend backing up WCC prior to completing the re-install.

Step 1: Back up your WCC prior to doing the reinstallation.

WINDOWS USERS

  1. Navigate to the following paths and back up your wrapper.conf files:

    C:\Program Files \CA_WCC_INSTALL_LOCATION\AppEditorServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\CmdAppServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\ConfigServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\EventCPMServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\JobStatusConsoleServant\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\JobStatusConsoleServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\LauncherServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\MonitoringServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\QuickEditServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\QuickViewServer\conf
    C:\Program Files \CA_WCC_INSTALL_LOCATION\ResourcesServer\conf

  2. Navigate to C:\Program Files \CA_WCC_INSTALL_LOCATION\bin and back up your WCC files by issuing these commands:

    Issue this command: wcc_config -u ejmcommander -p ejmcommander -x myConfigBackup
    Issue this command: wcc_jsc -u ejmcommander -p ejmcommander -x myJSCBackup
    Issue this command: wcc_monitor -u ejmcommander -p ejmcommander -x myMonitorBackup
    Issue this command: wcc_ha -u ejmcommander -p ejmcommander -x myHABackup
    C. Determine your level of maintenance (in case you have to re-install your patches)
    Navigate to your CA_WCC_INSTALL_LOCATION and run the uejmver.bat file

LINUX USERS

  1. Navigate to the following paths and back up your wrapper.conf files (as the root user):

    /opt/CA_WCC_INSTALL_LOCATION/AppEditorServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/CmdAppServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/configServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/EventCPMServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/JobStatusConsoleServant/conf
    /opt/CA_WCC_INSTALL_LOCATION/JobStatusConsoleServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/LauncherServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/MonitoringServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/QuickEditServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/QuickViewServer/conf
    /opt/CA_WCC_INSTALL_LOCATION/ResourcesServer/conf

  2. Navigate to /opt/CA_WCC_INSTALL_LOCATION/bin and back up your WCC files by issuing these commands:

    Issue this command: wcc_config -u ejmcommander -p ejmcommander -x myConfigBackup
    Issue this command: wcc_jsc -u ejmcommander -p ejmcommander -x myJSCBackup
    Issue this command: wcc_monitor -u ejmcommander -p ejmcommander -x myMonitorBackup
    Issue this command: wcc_ha -u ejmcommander -p ejmcommander -x myHABackup

  3. Determine your level of maintenance (in case you have to re-install your patches)

    Navigate to your CA_WCC_INSTALL_LOCATION and run the uejmver.sh file

Step 2: Once you have backed up WCC, complete your re-installation, making sure you enable SSL mode.

Step 3: Generate a certificate for Secure Access to CA WCC

The procedures to obtain this certificate can be found in the Customizing SSL in CA WCC r11.3 Documentation.

This can be done in three different ways:

  • generate a self-signed certificate (page 3)

  • generate a secret key and request a certificate (page 4-6)

  • import an existing private and certificate (page 7)

NOTE:

If you decide to use a certificate authority (C.A.), it may take hours or days to obtain the certificate. For a production environment, this is the recommended method to acquire the certificate.

If you want to generate a self‐signed certificate, no additional software needs to be installed. For the other two methods of changing the certificate (Generate a secret key and request a certificate, and Import an existing private key and certificate), OpenSSL must be installed on the CA WCC server before you perform either of those procedures. (See page 2)

The certificate you receive from your C.A. should be in PEM format. If it is in DER format, it needs to be converted to PEM. This can be done using OpenSSL.

What happens to the EEM Policies in place?

EEM policies are not affected by the WCC re-installation but you do have the option to overwrite them during the installation.

What happens to the AutoSys Server(s) in place?

The pre-existing AE server(s) will remain in place.

File Attachments:
TEC615020.zip