Connection security overview

IBM® Z Workload Scheduler provides a secure, authenticated, and encrypted connection mechanism for communication based on the Secure Sockets Layer (SSL) or Transport Secure Layer (TLS) protocol, which is automatically installed with IBM® Z Workload Scheduler.

IBM® Z Workload Scheduler also provides default certificates to manage the SSL/TLS protocol that is based on a private and public key methodology.

If you do not customize SSL/TLS communication with your certificates, to communicate in SSL/TLS mode, IBM® Z Workload Scheduler uses the default certificates that are stored in the default directories, as explained in SSL connection by using the default certificates. However, in a production environment, it is recommended that you customize SSL/TLS communication with your own certificates.

Starting from the Dynamic Workload Console v9.5, Fix Pack 3, you can optionally generate your SSL certificates automatically when you perform a fresh installation from the CLI, as described in Installing a Dynamic Workload Console server.

When you perform a fresh installation, you only need to provide the .PEM files, specify the directory where the files are located and the password you want to use for the keystore and truststore. The installation program automatically generates the certificates. If the files are generated from the same CA (ca.crt), the whole environment is automatically configured in SSL mode. For more information about generating the CA, see Creating a Certificate Authority.