securityUtility command
The securityUtility command supports plain text encryption and SSL certificate creation for a Liberty profile.
Syntax
The command syntax is as follows:
securityUtility task [options]
where the available options depend on the value of task.
Parameters
The following tasks are available for the securityUtility command:
- encode
- Encodes the provided text using Base64. If no options are specified, the command enters interactive mode. Otherwise, the provided text is encoded. If the text includes spaces, it must be enclosed in quotation marks.
The options are:
- --encoding=encoding_type
- Specifies how to encode the password. Supported encodings are xor, aes, and hash. If this option is not provided, the default is xor.
- --key=encryption_key
- Key to be used when encoding using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key, whose value is the key. If this option is not provided, a default key is used.
- --notrim
- Specifies whether space characters are removed from the beginning and end of the specified text. If this option is specified, the provided text is encoded as it is. If this option is not specified, space characters at the beginning and end of the specified text are removed.
- text
- The text that is to be encoded.
See also The limits to protection through password encryption.
- createSSLCertificate
- Creates a default SSL certificate for use in server configuration. The generated keystore file, key.jks, is placed under the /resources/security directory of the server specified in --server name. The key algorithm is RSA and the signature algorithm is SHA1 with RSA. For more control over the certificate creation, use keytool directly.
The options are:
- --server=name
- Liberty profile server for keystore creation. Required.
- --password=passwd
- The password to be used in the keystore, which must be at least six characters in length. Required.
- --passwordEncoding=foo_encoding_type
- Specifies how to encode the keystore password. Supported encodings are xor and aes. If this option is not provided, a default value of xor is used.
- --passwordkey=foo_encryption_key
- Key to use to encode the keystore password using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key, whose value is the key. If this option is not provided, a default key is used.
- --validity=days
- Number of days that the certificate is valid, which must be equal to or greater than 365. If this option is not provided, a default value of 365 is used.
- --subject=DN
- The Distinguished Name (DN) for the certificate subject and issuer. If this option is not provided, a default value of CN=localhost,O=ibm,C=us is used.
- help
- Prints help information for a specified task.
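The --encoding and --key descriptions above imply two things worth checking in a deployed configuration: xor is the default, and aes falls back to a default key unless wlp.password.encryption.key is defined. The following Python script is an added example, not part of the original documentation, that audits a server configuration for both cases. It assumes the {xor}, {aes} and {hash} prefixes that Liberty places on encoded values, which this page does not show; the sample server.xml and the audit function are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

KEY_VAR = "wlp.password.encryption.key"  # variable named on this page
PREFIX = re.compile(r"^\{(xor|aes|hash)\}")  # assumed Liberty value prefixes
SECRET_ATTR = re.compile(r"password", re.IGNORECASE)

# Constructed sample configuration; elements and values are illustrative only.
SAMPLE_SERVER_XML = """<server>
  <keyStore id="defaultKeyStore" password="{xor}CONSTRUCTED"/>
  <dataSource id="db"><properties user="app" password="{aes}CONSTRUCTED"/></dataSource>
  <basicRegistry id="basic"><user name="admin" password="changeit"/></basicRegistry>
  <ldapRegistry id="ldap" bindPassword="${ldap.bind.password}"/>
</server>"""


def audit(xml_text):
    """Return (element, attribute, finding) for each password-like attribute."""
    root = ET.fromstring(xml_text)
    # Without the key variable, aes values are protected only by the default key.
    custom_key = any(el.tag == "variable" and el.get("name") == KEY_VAR
                     for el in root.iter())
    findings = []
    for el in root.iter():
        for attr, value in el.attrib.items():
            if not SECRET_ATTR.search(attr):
                continue
            match = PREFIX.match(value)
            if value.startswith("${"):
                finding = "variable reference: audit where it is defined"
            elif match is None:
                finding = "plaintext"
            elif match.group(1) == "xor":
                finding = "xor: encoding only, reversible without a key"
            elif match.group(1) == "aes" and not custom_key:
                finding = "aes: key variable not in this file, default key may apply"
            else:
                finding = "ok: " + match.group(1)
            findings.append((el.tag, attr, finding))
    return findings


if __name__ == "__main__":
    for tag, attr, finding in audit(SAMPLE_SERVER_XML):
        print(f"{tag}@{attr}: {finding}")
```

The key variable can also be defined outside server.xml, so an aes finding means the key's location still has to be confirmed, not that the default key is definitely in use.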
Usage
The following examples demonstrate correct syntax:
securityUtility encode --encoding=aes GiveMeLiberty
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365 --subject=CN=mycompany,O=myOrg,C=myCountry
securityUtility help createSSLCertificate
CAUTION:
Different operating systems might treat some characters differently. In a Windows environment, if the input string contains !, it must be escaped with the ^ character. For example:
D:\Liberty\images\855\Liberty855\wlp\bin>securityUtility encode "a^!"