WORKLOAD AUTOMATION COMMUNITY

CASE STUDY: Automate Certificate Generation, Certificate Application and Change Management through HWA

10/27/2021

In this case study, we explore how a new certificate request placed in a ticketing tool such as ServiceNow can be managed end to end through HWA. HWA generates the requested certificate and a certificate signing request (CSR), raises a Change on ServiceNow to schedule the addition of the certificate to the keystore indicated in the original ticket, and creates and schedules a Jobstream that automates the certificate application step on the scheduled date and time.

An application team that wants to renew the certificate on one of its existing keystores places a request on ServiceNow to generate a new certificate, also providing details such as the date and time when the certificate is to be renewed on the application, the exact keystore location, the keystore name and the certificate name.
Fig1

Solution Realization:

A Jobstream on HWA processes this request and generates a new certificate on the fly. It also schedules a Change Request on ServiceNow to manage the change: it gathers details such as the certificate application date and time, the keystore path and the keystore, includes them in the description of the Change ticket, and appends a generic Implementation Plan and Backout Plan to the Change. It also creates a Jobstream to apply the certificate to the application on the given date and time.

SERVICENOW_GET_CERT_DESCRIPTION:
This is a RESTful GET job that retrieves the description from the ServiceNow (SNOW) ticket, filtering by the assignment group Middleware_Team, so that details can be extracted from the ticket description. It redirects its output to the file /tmp/cert_request_description.
Fig2

EXTRACT_CERTPATH:

This job extracts the certificate path from the request description:
Fig3

EXTRACT_CERT_APPLY_DATE:

This job extracts the date when the certificate is to be applied on the system from the request description:
Fig4

EXTRACT_CERT_APPLY_TIME:

This job extracts the time when the certificate is to be applied on the system from the request description:
Fig5

EXTRACT_CERT_NAME:

This job extracts the name of the certificate to be applied on the system from the request description:
Fig6

STORE_CERTPATH, STORE_CERT_APPLY_DATE, STORE_CERT_APPLY_TIME and STORE_CERT_NAME Jobs:

These STORE jobs use the jobprop utility of HWA to store the certificate path, certificate application date, certificate application time and certificate name in HWA variables, and expose these variables to the rest of the Jobstream flow:
Fig7:
Fig8:
Fig9:
Fig10

STORE_CERT_DETAILS:
This Variable Table update job updates a Variable Table named CERTDETAILS, which is also associated at the Jobstream level. It sets the variables CERTAPPLYDATE, CERTPATH, CERTNAME and CERTAPPLYTIME in the Variable Table from the variables exposed by the previous set of STORE jobs:
Fig11:
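
The extracted values come from free text written by whoever files the ticket, and they end up as arguments to scripts that the joblogs show running as root and wauser, so they should be checked before the STORE jobs expose them. The following is an added example, not one of the author's jobs; it assumes the request uses the same CertApply:<name>:<keystore>:'<path>' layout as the change ticket description shown on this page, and ALLOWED_BASE and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's scripts): validate values pulled from a
# ticket description before they reach jobprop or a root-run script.
# Assumed layout: CertApply:<certname>:<keystore>.jks:'<absolute path>'

ALLOWED_BASE="${ALLOWED_BASE:-/home/testhwa}"   # assumption: permitted keystore root

valid_name() {   # letters, digits, "_" and "-"; no leading "-" (option injection)
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

valid_path() {   # absolute, plain characters, no "..", inside ALLOWED_BASE
    case $1 in /*) ;; *) return 1 ;; esac
    case $1 in
        *[!A-Za-z0-9._/-]*|*..*) return 1 ;;
    esac
    case $1/ in
        "$ALLOWED_BASE"/*) return 0 ;;
    esac
    return 1
}

valid_date() {   # MM/DD/YYYY, range-checked (not a full calendar check)
    case $1 in
        [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    mm=${1%%/*}; dd=${1#*/}; dd=${dd%%/*}
    [ "${mm#0}" -ge 1 ] && [ "${mm#0}" -le 12 ] &&
        [ "${dd#0}" -ge 1 ] && [ "${dd#0}" -le 31 ]
}

valid_time() {   # HHMM on a 24-hour clock
    case $1 in
        [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) return 0 ;;
    esac
    return 1
}

# parse_description DESC: print "name keystore path" on success, return 1 otherwise.
parse_description() {
    tag=${1%%:*};      rest=${1#*:}
    name=${rest%%:*};  rest=${rest#*:}
    store=${rest%%:*}; path=${rest#*:}
    [ "$tag" = "CertApply" ] || return 1
    valid_name "$name" || return 1
    case $store in
        *.jks) valid_name "${store%.jks}" || return 1 ;;
        *) return 1 ;;
    esac
    case $path in
        "'"*"'") path=${path#\'}; path=${path%\'} ;;   # strip surrounding quotes
        *) return 1 ;;
    esac
    valid_path "$path" || return 1
    printf '%s %s %s\n' "$name" "$store" "$path"
}
```

A job that calls parse_description should fail, rather than store anything, when the function returns non-zero.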

CERTAPPLY Job:

This job generates a certificate based on the certificate path and certificate name passed as arguments, and also generates a Certificate Signing Request:
Fig12:

Joblog from execution:


===============================================================
= JOB       : MASTER_DA#CERT_REQ_MGMT[(1157 10/22/21),(0AAAAAAAAAAABPKT)].CERTAPPLY
= USER      : root
= JCLFILE   : /home/testhwa/certcreate.sh /home/testhwa oct_2021
= TWSRCMAP  :
= AGENT     : DAUNIX
= Job Number: 789034989
= Fri 10/22/2021 11:58:26 CEST
===============================================================
PATH=$1
+ PATH=/home/testhwa
CERTNAME=$2
+ CERTNAME=oct_2021
JKSEXT=".jks"
+ JKSEXT=.jks
JKSFILE=`echo $CERTNAME$JKSEXT`
echo $CERTNAME$JKSEXT
++ echo oct_2021.jks
+ JKSFILE=oct_2021.jks
cd ~testhwa
+ cd /home/testhwa
/bin/keytool -genkey -alias $CERTNAME -keyalg RSA -keysize 2048 -keypass
changeit -keystore $JKSFILE -validity 365 -storepass changeit -dname
"CN=EU-HWS-LNX242, OU=HCLSoftware, O=HCLTechnologies, L=IN, ST=KA, C=IN"
+ /bin/keytool -genkey -alias oct_2021 -keyalg RSA -keysize 2048 -keypass
changeit -keystore oct_2021.jks -validity 365 -storepass changeit -dname
'CN=EU-HWS-LNX242, OU=HCLSoftware, O=HCLTechnologies, L=IN, ST=KA, C=IN'
keytool error: java.lang.Exception: Key pair not generated, alias
<oct_2021> already exists
/bin/keytool -certreq -keyalg RSA -alias $CERTNAME -file oct_2021.csr -
keystore $JKSFILE -storepass changeit
+ /bin/keytool -certreq -keyalg RSA -alias oct_2021 -file oct_2021.csr -
keystore oct_2021.jks -storepass changeit
 
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore oct_2021.jks -destkeystore oct_2021.jks -deststoretype pkcs12".
/bin/keytool -export -alias $CERTNAME -keypass changeit -keystore $JKSFILE -storepass changeit -file oct_2021
+ /bin/keytool -export -alias oct_2021 -keypass changeit -keystore oct_2021.jks -storepass changeit -file oct_2021
Certificate stored in file <oct_2021>
 
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore oct_2021.jks -destkeystore oct_2021.jks -deststoretype pkcs12".
 
===============================================================
= Exit Status           : 0
= Elapsed Time (hh:mm:ss) : 00:00:01
= Job CPU usage (ms) : 957
= Job Memory usage (kb) : 32980
= Fri 10/22/2021 11:58:27 CEST
===============================================================
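
The joblog above shows several things worth fixing in certcreate.sh: the password changeit appears on the keytool command line and therefore in the joblog, PATH=$1 replaces the shell's command search path, and the job exits 0 even though keytool reported that the alias already exists, so the CSR is issued for the existing key pair. A hardened variant of the key pair and CSR steps follows as an added example (not the author's script); STOREPASS_FILE, its default location and the .p12 file naming are assumptions, and DIR and NAME are expected to have been validated by the caller.

```shell
#!/bin/sh
# Added example (not the author's certcreate.sh).
# Usage: certcreate_hardened.sh DIR NAME

KEYTOOL="${KEYTOOL:-/bin/keytool}"
# Assumption: a root-only file holding the store password (hypothetical path).
STOREPASS_FILE="${STOREPASS_FILE:-/etc/hwa/keystore.pass}"
# Subject DN as used in the joblog on this page; override per request.
SUBJECT_DN="${SUBJECT_DN:-CN=EU-HWS-LNX242, OU=HCLSoftware, O=HCLTechnologies, L=IN, ST=KA, C=IN}"

# create_keystore_and_csr DIR NAME: writes DIR/NAME.p12 and DIR/NAME.csr.
# Returns 2 if the password file is unreadable, 3 if the alias already exists,
# 4 or 5 if keytool fails, so the HWA job ends in error instead of exit 0.
create_keystore_and_csr() {
    dir=$1 name=$2                      # PATH is left alone
    store="$dir/$name.p12"
    csr="$dir/$name.csr"

    [ -r "$STOREPASS_FILE" ] || { echo "cannot read $STOREPASS_FILE" >&2; return 2; }

    # Stop if the alias is already present rather than issue a CSR for an old key.
    if [ -f "$store" ] && "$KEYTOOL" -list -alias "$name" -keystore "$store" \
            -storepass:file "$STOREPASS_FILE" >/dev/null 2>&1; then
        echo "alias $name already exists in $store" >&2
        return 3
    fi

    umask 077                           # keystore and CSR readable by owner only
    # -storepass:file keeps the password out of argv, ps output and the joblog.
    "$KEYTOOL" -genkeypair -alias "$name" -keyalg RSA -keysize 2048 \
        -validity 365 -storetype PKCS12 -keystore "$store" \
        -storepass:file "$STOREPASS_FILE" -dname "$SUBJECT_DN" || return 4
    "$KEYTOOL" -certreq -alias "$name" -file "$csr" -keystore "$store" \
        -storepass:file "$STOREPASS_FILE" || return 5
}

if [ "$#" -eq 2 ]; then
    create_keystore_and_csr "$1" "$2"
fi
```

PKCS12 is used here because keytool itself recommends migrating away from JKS in the warnings above; the application must be able to read a PKCS12 store for this to be a drop-in change.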

SERVICENOW_POST_CHANGETICKET:

This is a RESTful POST job that posts a Change ticket on ServiceNow with the details extracted from HWA variables, such as the date and time of the certificate application, the certificate name, the certificate path and the keystore details. It also posts a generic Implementation Plan and Backout Plan in the Change for a normal certificate application to a JKS keystore.
Fig13:
Fig14:

Joblog from execution:
===============================================================
= JOB       : MASTER_DA#CERT_REQ_MGMT[(1157
10/22/21),(0AAAAAAAAAAABPKT)].SERVICENOW_POST_CHANGETICKET

= TASK      : <?xml version="1.0" encoding="UTF-8"?>
<jsdl:jobDefinitionxmlns:XMLSchema="http://www.w3.org/2001/XMLSchema" xmlns:jsdl="http://www.ibm.com/xmlns/prod/scheduling/1.0/jsdl" xmlns:jsdlrestful="http://www.ibm.com/xmlns/prod/scheduling/1.0/jsdlrestful" XMLSchema:text="resolveVariableTable" name="RESTFUL">
<jsdl:variables>

    <jsdl:stringVariable
name="tws.jobstream.name">CERT_REQ_MGMT</jsdl:stringVariable>

    <jsdl:stringVariable
name="tws.jobstream.id">0AAAAAAAAAAABPKT</jsdl:stringVariable>

    <jsdl:stringVariable
name="tws.job.name">SERVICENOW_POST_CHANGETICKET</jsdl:stringVariable>

    <jsdl:stringVariable
name="tws.job.workstation">MASTER_DA</jsdl:stringVariable>

    <jsdl:stringVariable
name="tws.job.iawstz">202110221157</jsdl:stringVariable>

    <jsdl:stringVariable name="tws.job.promoted">NO</jsdl:stringVariable>
    <jsdl:stringVariable 
name="tws.job.resourcesForPromoted">10</jsdl:stringVariable>

    <jsdl:stringVariable name="tws.job.num">789034990</jsdl:stringVariable>
    <jsdl:stringVariable name="CERTNAME">oct_2021</jsdl:stringVariable>
    <jsdl:stringVariable name="CERTAPPLYTIME">0800</jsdl:stringVariable>
    <jsdl:stringVariable
name="CERTAPPLYDATE">10/23/2021</jsdl:stringVariable>

    <jsdl:stringVariable
name="CERTPATH">/home/testhwa</jsdl:stringVariable>

  </jsdl:variables>
  <jsdl:application name="restful">
    <jsdlrestful:restful>
<jsdlrestful:RestfulParameters>

                               <jsdlrestful:Authentication>
                                      <jsdlrestful:credentials>
                                              <jsdl:userName>admin</jsdl:userName>
                                              <jsdl:password>{aes}iyNVDXKy/4zfz36dywDf8YWVoxbqpS1dMvwKt9HqMsw=</jsdl:password>
                                      </jsdlrestful:credentials>
                                      <jsdlrestful:CertificateGroup>
                                              <jsdlrestful:keyStoreFilePath/>
                                              <jsdlrestful:password/>
                                              <jsdlrestful:HostnameVerifyCheckbox/>
                                      </jsdlrestful:CertificateGroup>
                               </jsdlrestful:Authentication>
                               <jsdlrestful:RESTAction>
                                      <jsdlrestful:URI>https://dev114719.service-now.com/api/now/table/x_650167_change_0_change_mgmt</jsdlrestful:URI>
                                      <jsdlrestful:method>POST</jsdlrestful:method>
                                      <jsdlrestful:outputFileName/>
 
                               </jsdlrestful:RESTAction>
                                                                <jsdlrestful:Body>
<jsdlrestful:contentType>application/json</jsdlrestful:contentType>

                                      <jsdlrestful:BodyGroup>
                                              <jsdlrestful:TextBody>
                                              <jsdlrestful:InputTextBody>{&quot;assignment_group&quot;:&quot;Middleware_Team&quot;,&quot;expected_start&quot;:&quot;10/15/2021 08:00AM&quot;,&quot;description&quot;:&quot;CertApply:oct_2021:Weblogic.jks:'/home/testhwa'&quot;,&quot;implementation_plan&quot;:&quot;Implementation Plan :  1. Apply the below command to apply the Certificate to the Keystore :  /bin/keytool -import -alias tws -file /root/&lt;CertificateName>.crt -keystore &lt;Keystore>.jks&quot;,&quot;backout_plan&quot;:&quot;Backout Plan :  1. Apply the below command to revoke the Certificate :  /bin/keytool -remove -alias tws -keystore &lt;Keystore>.jks&quot;}</jsdlrestful:InputTextBody>
                                              </jsdlrestful:TextBody>
                                      </jsdlrestful:BodyGroup>
                               </jsdlrestful:Body>
                               <jsdlrestful:Advanced>
 
                                      <jsdlrestful:Accept/>
                                      <jsdlrestful:JSONPropertiesGroup>
                                              <jsdlrestful:JsonObjectResultQuery/>
                                      </jsdlrestful:JSONPropertiesGroup>
                                       <jsdlrestful:NumberOfRetries>0</jsdlrestful:NumberOfRetries>
                                       <jsdlrestful:RetryIntervalSeconds>30</jsdlrestful:RetryIntervalSeconds>
                               </jsdlrestful:Advanced>
                       </jsdlrestful:RestfulParameters>
               </jsdlrestful:restful>
  </jsdl:application>
  <jsdl:resources>
    <jsdl:orderedCandidatedWorkstations>
      <jsdl:workstation>D59D04CADB9611EA847C29F79A38B2EB</jsdl:workstation>
    </jsdl:orderedCandidatedWorkstations>
  </jsdl:resources>
</jsdl:jobDefinition>
= TWSRCMAP  :
= AGENT     : MASTER_DA
= Job Number: 789034990
= Fri 10/22/2021 11:58:33 CEST
===============================================================
{"result":{"parent":"","reason":"","watch_list":"","upon_reject":"cancel","
sys_updated_on":"2021-10-22 09:59:10","type":"normal","approval_history":"","number":"CHA0001009","test_plan":"","cab_delegate":"","requested_by_date":"","state":"-5","sys_created_by":"admin","knowledge":"false","order":"","phase":"requested","cmdb_ci":"","delivery_plan":"","contract":"","impact":"3","active":"true","work_notes_list":"","priority":"4","sys_domain_path":"/","cab_recommendation":"","production_system":"false","review_date":"","business_duration":"","group_list":"","requested_by":{"link":"https://dev114719.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441","value":"6816f79cc0a8016401c5a33be04be441"},"change_plan":"","approval_set":"","implementation_plan":"Implementation Plan :  1. Apply the below command to apply the Certificate to the Keystore :  /bin/keytool -import -alias tws -file /root/<CertificateName>.crt -keystore <Keystore>.jks","universal_request":"","end_date":"","short_description":"","correlation_display":"","delivery_task":"","work_start":"","additional_assignee_list":"","outside_maintenance_schedule":"false","std_change_producer_version":"","service_offering":"","sys_class_name":"x_650167_change_0_change_mgmt","closed_by":"","follow_up":"","reassignment_count":"0","review_status":"","assigned_to":"","start_date":"","sla_due":"","comments_and_work_notes":"","escalation":"0","upon_approval":"proceed","correlation_id":"","made_sla":"true","backout_plan":"Backout Plan :  1. Apply the below command to revoke the Certificate :  /bin/keytool -remove -alias tws -keystore <Keystore>.jks","conflict_status":"Not Run","task_effective_number":"CHA0001009","sys_updated_by":"admin","opened_by":{"link":"https://dev114719.service-now.com/api/now/table/sys_user/6816f79cc0a8016401c5a33be04be441","value":"6816f79cc0a8016401c5a33be04be441"},"user_input":"","sys_created_on":"2021-10-22 09:59:10","on_hold_task":"","sys_domain":{"link":"https://dev114719.service-now.com/api/now/table/sys_user_group/global","val

ue":"global"},"route_reason":"","closed_at":"","review_comments":"","business_service":"","time_worked":"","chg_model":{"link":"https://dev114719.service-now.com/api/now/table/chg_model/007c4001c343101035ae3f52c1d3aeb2","value":"007c4001c343101035ae3f52c1d3aeb2"},"expected_start":"2021-10-15 00:00:00","opened_at":"2021-10-22 09:59:10","work_end":"","phase_state":"open","cab_date":"","work_notes":"","close_code":"","assignment_group":{"link":"https://dev114719.service-now.com/api/now/table/sys_user_group/Middleware_Team","value":"Middleware_Team"},"description":"CertApply:oct_2021:Weblogic.jks:'/home/testhwa'","on_hold_reason":"","calendar_duration":"","close_notes":"","sys_id":"9444a06e1b1330107394c805604bcb1c","contact_type":"","cab_required":"false","urgency":"3","scope":"3","company":"","justification":"","activity_due":"","comments":"","approval":"not requested","due_date":"","sys_mod_count":"0","on_hold":"false","sys_tags":"","conflict_last_run":"","unauthorized":"false","location":"","risk":"3","category":"Other","risk_impact_analysis":""}}
 
===============================================================
= Exit Status           : 0
= Elapsed Time (hh:mm:ss) : 00:00:01
= Fri 10/22/2021 11:58:35 CEST
===============================================================

The above output shows the Change number CHA0001009 generated on ServiceNow. Here is the Change generated on ServiceNow automatically:
Fig15:
Fig16:

CREATESCHEDULE Job:

This job creates a new Jobstream for the certificate generation, taking into account the date when the certificate application is to be done and the time when the certificate is to be applied, so that on the given date and time the Jobstream executes and applies the required certificate to the JKS keystore in question.
Fig17:

Joblog of CREATESCHEDULE Job:

===============================================================
= JOB       : MASTER_DA#CERT_REQ_MGMT[(1157 10/22/21),(0AAAAAAAAAAABPKT)].CREATESCHEDULE
= USER      : wauser           
= JCLFILE   : /opt/wauser/createschedule.sh 10/23/2021 0800
= Job Number: 25528
= Fri 10/22/21 12:00:50 CEST
===============================================================
WA for UNIX/JOBMANRC 9.5
AWSBIS307I Starting /opt/wauser/TWS/jobmanrc /opt/wauser/createschedule.sh 10/15/2021 0800
 
IBM Workload Automation(UNIX)/JOBINFO 9.5.0.02 (20200410)
Installed for user "wauser".
Locale LANG set to the following: "en"
/opt/wauser/createschedule.sh 10/15/2021 0800
IBM Workload Automation(UNIX)/COMPOSER 9.5.0.02 (20200410)
Licensed Materials - Property of IBM* and HCL**
5698-WSH
(C) Copyright IBM Corp. 1998, 2016 All rights reserved.
(C) Copyright HCL Technologies Ltd. 2016, 2019 All rights reserved.
* Trademark of International Business Machines
** Trademark of HCL Technologies Limited
Installed for user "wauser".
Locale LANG set to the following: "en"
User: wauser, Host:127.0.0.1, Port:31116
User: wauser, Host:10.14.37.83, Port:31116
/
-add /tmp/Schedbuild
AWSJCL003I The command "add" completed successfully on object "js=MASTER_DA#DEPLOYCERT".
AWSBIA090I For file "/tmp/Schedbuild": errors 0, warnings 0.
AWSBIA288I Total objects updated: 1
AWSBIS308I End of job
===============================================================
= Exit Status           : 0
= System Time (Seconds) : 0     Elapsed Time (hh:mm:ss) : 0:00:01
= User Time (Seconds)   : 0
= Fri 10/22/21 12:00:51 CEST
===============================================================
Schedule created automatically:
A Jobstream named DEPLOYCERT was created automatically and scheduled for 23rd Oct:
Fig18:

Conclusions from the Use Case:
Certificate generation and certificate application can be completely automated end to end through HWA.
HWA can also be an end-to-end orchestrator for Change creation and Change implementation.
Fig19:

Author's Bio
Sriram V, Senior Technical Lead

Sriram has been working with Workload Automation for the last 12+ years. He started out as a Scheduler, and later worked as an Administrator, SME and India SME of the product. He has been part of the product team in the last few years, supporting Workload Automation on SaaS, before moving to the Lab Services and Tech Sales of WA.