A started enterprise server instance, or region, must have a Web Services and J2EE listener to enable a JSON interface for monitoring and controlling the live instance. This JSON interface is part of the component known as ESMAC.
Communications between ESCWA and ESMAC can be secured by configuring the Web Services and J2EE listener. See TLS Advanced Settings in the Listeners topic for more information.
ESCWA will communicate with ESMAC as a client, so it requires TLS client configuration. Like COBOL web-service clients and Enterprise Server command-line utilities, ESCWA uses the Micro Focus Common Client (MFCC), so the MFCC configuration file mf-client.dat on the ESCWA host machine needs to be configured appropriately. See Micro Focus Common Client for more information.
Typically, you will need to set the "root" configuration item to point to a file containing the CA certificate(s) needed to verify the server certificate sent by your enterprise server instance. If your enterprise server instance uses a server certificate from a public CA, you can probably use the collection of public CA root and intermediate certificates supplied with the product, CARootCerts.pem. If your enterprise server instance uses a certificate generated by Demo CA, use the file entities/CAs/EC_CAcollection.pem from your Demo CA instance. For server certificates generated with an organizational CA, you will need a CA certificate collection from the CA administrator.
See Installing a Client Certificate for Enterprise Server for more information on configuration if your Web Services and J2EE listener requires a client certificate.