Welcome
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
Administration Guide
Connection security overview
FIPS compliance
Using FIPS certificates
Using fresh FIPS certificates
Creating your own FIPS certificates
Creating your own Certificate Authority

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Fix Pack readmes
For the latest information about a Fix Pack, see the appropriate Readme File.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
- Quick Start Guide
- Fix Pack readmes
  For the latest information about a Fix Pack, see the appropriate Readme File.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring IBM Workload Scheduler
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority
      How to create a CA and generate the key
    - SSL connection by using the default certificates
      The SSL connection between the console and other product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the IBM Workload Scheduler components
      The Dynamic Workload Console connects in SSL mode with the IBM Workload Scheduler components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
    - SSL command reference
      List of commands for managing certificates
    - FIPS compliance
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the IBM Workload Scheduler IBM i dynamic environment.
  - Performance
  - Availability
  - License Management in IBM License Metric Tool
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Troubleshooting
- Driving IBM Workload Automation
- Extending IBM Workload Automation
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
Messages and Codes
Glossary
Installing IBM® Workload Scheduler
How to monitor your IBM® Workload Scheduler using the Dynamic Workload Console
How to create your scheduling environment using the Dynamic Workload Console
Notices

Creating your own Certificate Authority

Create the CA on any workstation in your network. Run the following steps only once to create a CA that will be used each time a new certificate needs to be created and signed.

Enter the following command to create the CMS key database “ca.kdbˮ with password “password00ˮ that expires after 1000 days.
```
gsk7capicmd -keydb -create -db ca.kdb -pw password00 -stash -expire 1000 -fips
```
Enter the following command to create the self-signed certificate with label “CA certificateˮ using the distinguish name “CN=CA certificate,O=IBM,OU=TWS,C=ITˮ. The certificate expires after 1000 days.
```
gsk7capicmd -cert -create  -db ca.kdb -pw password00 -label "CA certificate" 
     -size 2048 -expire 1000 -dn "CN=CA certificate,O=IBM,OU=TWS,C=IT"
```
Enter the following command to extract the CA certificate into external file “ca.crtˮ. The certificate is addressed by the corresponding label.
```
gsk7capicmd -cert -extract -db ca.kdb -pw password00 -label "CA certificate" 
      -target CA.crt
```

This file will contain the public certificate of the certificate authority.