Welcome
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
Administration Guide
Connection security overview
FIPS compliance
Using FIPS certificates
Using fresh FIPS certificates
Creating your own FIPS certificates
Creating a certificate for the IBM Workload Scheduler agent

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Fix Pack readmes
For the latest information about a Fix Pack, see the appropriate Readme File.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
- Quick Start Guide
- Fix Pack readmes
  For the latest information about a Fix Pack, see the appropriate Readme File.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring IBM Workload Scheduler
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority
      How to create a CA and generate the key
    - SSL connection by using the default certificates
      The SSL connection between the console and other product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the IBM Workload Scheduler components
      The Dynamic Workload Console connects in SSL mode with the IBM Workload Scheduler components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
    - SSL command reference
      List of commands for managing certificates
    - FIPS compliance
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the IBM Workload Scheduler IBM i dynamic environment.
  - Performance
  - Availability
  - License Management in IBM License Metric Tool
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Troubleshooting
- Driving IBM Workload Automation
- Extending IBM Workload Automation
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
Messages and Codes
Glossary
Installing IBM® Workload Scheduler
How to monitor your IBM® Workload Scheduler using the Dynamic Workload Console
How to create your scheduling environment using the Dynamic Workload Console
Notices

Creating a certificate for the IBM Workload Scheduler agent

Perform the following steps to create certificates that are signed by a local common trusted CA on every IBM Workload Scheduler agent in your network.

Enter the following command to create a default CMS key database client.kdbˮ with password “password02ˮ that expires after 1000 days. The password is also stored in stash file “client.sthˮ.
```
gsk7capicmd -keydb -create -db client.kdb -pw password02 
    -stash -expire 1000 -fips
```
Enter the following command to add the CA certificate as trusted in the CMS key database. The label “CA certificate clientˮ is used to address that certificate.
```
gsk7capicmd -cert -add -db client.kdb -pw password02 
    -label "CA certificate client" -trust enable -file CA.crt 
    -format ascii -fips
```
Enter the following command to create the client certificate request based on 2048 bits key, with label “Client WA95 Certificateˮ and distinguish name “CN=Client WA95,O=IBM,OU=TWS,C=ITˮ. The certificate request “client.csrˮ is generated and the private key is created in the key database client.kdb.
```
gsk7capicmd -certreq -create -db client.kdb -pw password02 
    -label "Client WA95 Certificate" -size 2048 -file client.csr 
    –dn "CN=Client  WA95,O=IBM,OU=TWS,C=IT" -fips
```
Enter the following command so that the CA signs the client's certificate request and generates a new signed in file “client.crtˮ.
```
gsk7capicmd -cert -sign -db ca.kdb -pw password00 -label "CA certificate" 
     -target client.crt -expire 365 -file client.csr -fips
```
Enter the following command to import the signed certificate “client.crtˮ in the CMS key database “client.kdbˮ.
```
gsk7capicmd -cert -receive -db client.kdb -pw password02 -file client.crt -fips
```

You can repeat these steps above for all agents or you can use the same certificate for all agents, depending on your security policies and IBM Workload Scheduler localopts configurations.