IBM Support

Coexistence of Default and Custom TLS Certificates

How To


Summary

Network communication between the components of IBM Workload Automation (IWA) is secured using the TLS v1.2 and v1.3 protocols. This is accomplished by deploying TLS certificates for each component. IWA deploys IBM self-signed certificates at installation time, so that a working scheduling environment can be deployed with little effort. To enhance security, organizations decide to replace the default certificates with certificates signed by a commercially recognized CA (Certificate Authority) for each server in the environment. This requires all default self-signed certificates used by every component to be replaced by CA-signed certificates.

To keep the environments intact and all components communicating while the default certificates are replaced, a cap and grow approach is adopted instead of a rip and replace approach: the default certificates coexist with the new certificates until the new certificates have been imported into the KeyStores and TrustStores of all components. The default certificates can then be deleted from all KeyStores and TrustStores.

The following sections describe the procedure to replace the certificates.
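
The ordering behind the coexistence approach can be checked with a small model. This is an added example, not IBM's procedure or code; the component names, the one-issuer-per-KeyStore simplification and the assumption that every link is mutually authenticated are illustrative.

```python
# Added example: toy model of the coexistence ("cap and grow") rollout.
# Component names and the mutual-authentication assumption are illustrative.
from dataclasses import dataclass, field
from itertools import combinations

DEFAULT, CUSTOM = "default-self-signed", "custom-ca"

@dataclass
class Component:
    name: str
    identity: str = DEFAULT                      # issuer of the cert in the KeyStore
    trusted: set = field(default_factory=lambda: {DEFAULT})  # TrustStore issuers

def broken_links(components):
    """Pairs that can no longer complete a mutually authenticated handshake."""
    return [(a.name, b.name) for a, b in combinations(components, 2)
            if a.identity not in b.trusted or b.identity not in a.trusted]

def blockers_for_default_removal(components):
    """Components that still rely on the default certificate in some way."""
    return [c.name for c in components
            if c.identity != CUSTOM or CUSTOM not in c.trusted]

def fresh_env():
    return [Component(n) for n in ("master", "agent-1", "console")]  # constructed

def rip_and_replace():
    """Swap one component outright; returns the links broken by that step."""
    env = fresh_env()
    env[0].identity, env[0].trusted = CUSTOM, {CUSTOM}
    return broken_links(env)

def cap_and_grow():
    """Coexistence rollout; returns the broken-link count after every step."""
    env, history = fresh_env(), []
    for c in env:                 # 1. import custom CA into every TrustStore
        c.trusted.add(CUSTOM)
        history.append(len(broken_links(env)))
    for c in env:                 # 2. switch identities one component at a time
        c.identity = CUSTOM
        history.append(len(broken_links(env)))
    assert not blockers_for_default_removal(env)
    for c in env:                 # 3. only now delete the default certificate
        c.trusted.discard(DEFAULT)
        history.append(len(broken_links(env)))
    return history

if __name__ == "__main__":
    print("rip and replace breaks:", rip_and_replace())
    print("cap and grow broken links per step:", cap_and_grow())
```

`blockers_for_default_removal` is the gate before the final step: any component it lists still presents or depends on the default certificate, so deleting that certificate would cut it off.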

Document Location

Worldwide

Product: IBM Workload Scheduler (IBM Software). Version: 10.1.0. Platform: Platform Independent.

Document Information

Modified date:
02 July 2024

UID

ibm17159522