Automic Workload Automation

  • 1.  Certificate decision for v21

    Posted Oct 12, 2023 08:30 AM

    Hi there,

    We have two environments, a Prod and Non-Prod running AE 12.3. On both we have AE, AWI running on the same Windows server and SQL DB running on another Windows server. We have Windows, Linux, SQL, SAP agents, some running on GCP and others on premise.  Our organization issues Public as well as Internal certificates. What kind of certificate should we go for and how many of them would be required? Also what kind of certificate should it be, Standard, SAN or Wildcard?

    Thanks.



  • 2.  RE: Certificate decision for v21

    Broadcom Employee
    Posted Oct 13, 2023 03:24 AM

    Hi Kumar,

    please have a look at the following page:

    https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.8/Automic%20Automation%20Guides/Content/_Common/GettingStarted/GS_BeforeStartTLS.htm

    It gives a good summary of all the relevant TLS topics.

    Regarding your questions please check the internal policies.

    *) Since some agents are on GCP, does that require a public certificate?
    *) The JCP uses a certificate to secure all connections between clients (=agents, AWI, etc.) and the JCP. Only one certificate is needed for that kind of connection. List all the addresses clients use to connect to the JCP in the certificate. If there is more than one, list them all in the SAN. The certificate needs to be of type "server authentication". Try to avoid IP addresses in the certificate as they are subject to change.
    *) make sure the hostname= parameter is defined in the ucsrv.ini, to avoid agents using IP addresses to connect to the JCP
    *) use one certificate per instance (one for Prod and another one for Non-prod). The CA root certificate will most likely be the same for both.
    *) check out our free educational videos on TLS at https://academy-classes.broadcom.com/users/sign_in?next=%2Fcatalog%2Fcourses%2F2390504

    Regards, Markus




  • 3.  RE: Certificate decision for v21

    Posted Oct 17, 2023 10:56 AM

    Thanks for the response. We have only one server for AE and one for DB (no distributed environment). Our AE, Web UI are on GCP and some of the agents too. Our Java Based agents like SAP and SQL are on the same server as the AE. We are requesting a Public CA (DigiCert) certificate from our organization and have to mention which hosts or IPs the certificate would be bound to. So should we mention the FQDN of the server on which AE is running or also mention all the host names for all the agents?




  • 4.  RE: Certificate decision for v21
    Best Answer

    Broadcom Employee
    Posted Oct 18, 2023 03:02 AM

    Hi,

    as indicated in my previous reply please list all the addresses clients (=AWI, agents, etc.) use to connect to the JCP in the certificate. So if you have only one AE and all clients use the FQDN of the AE server to connect to it then include only the FQDN of the server in the certificate (CN). If the AE server also has an alias and agents use both the alias and the FQDN to connect to the AE then include both the alias and the FQDN in the SAN of the certificate.

    Regards, Markus
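
The rule from the replies above (every address a client uses to reach the JCP must be listed in the certificate) can be checked before the certificate request is submitted. The following is an added example, not part of the original thread and not Broadcom tooling; the host names and the IP are constructed placeholders, and it assumes clients apply standard TLS host name matching to the JCP certificate.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_matches(san, host):
    """True if one DNS SAN entry covers host (case-insensitive)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    # A wildcard counts only as the whole leftmost label and stands for
    # exactly one label: *.example.test covers ae.example.test, but not
    # ae.prod.example.test and not example.test itself.
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False

def check_coverage(san_entries, client_addresses):
    """Return (uncovered, ip_literals) for the addresses clients connect to."""
    san_ips = {_as_ip(s) for s in san_entries if _as_ip(s) is not None}
    san_names = [s for s in san_entries if _as_ip(s) is None]
    uncovered, ip_literals = [], []
    for addr in client_addresses:
        ip = _as_ip(addr)
        if ip is not None:
            ip_literals.append(addr)      # works only while the IP is stable
            if ip not in san_ips:
                uncovered.append(addr)
        elif not any(san_matches(s, addr) for s in san_names):
            uncovered.append(addr)
    return uncovered, ip_literals

# Constructed sample: names planned for the SAN, and what the agent/AWI
# configuration actually points at (FQDN, alias, short name, IP literal).
SAN_ENTRIES = ["ae-prod.example.test", "automic.example.test"]
CLIENT_ADDRESSES = ["ae-prod.example.test", "AUTOMIC.example.test",
                    "ae-prod", "10.0.0.5"]

if __name__ == "__main__":
    uncovered, ips = check_coverage(SAN_ENTRIES, CLIENT_ADDRESSES)
    print("not covered by the certificate:", uncovered)
    print("clients connecting by IP:", ips)
```

Any address reported as not covered either has to be added to the SAN or the client has to be reconfigured to use a listed name.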