KeyStoreCommands command group for the AdminTask object

 

You can use the Jython or Jacl scripting languages to configure key stores with the wsadmin tool. A key store is created by the appserver during install and can contain cryptographic keys or certificates. The commands and parameters in the KeyStoreCommands group can be used to create, delete, and manage key stores. The KeyStoreCommands command group for the AdminTask object includes the following commands:

• changeMultipleKeyStorePasswords

• createKeyStore

• createCMSKeyStore

• deleteKeyStore

• exchangeSigners

• getKeyStoreInfo

• listKeyFileAliases

• listKeyStores

• listKeyStoresTypes

 

changeMultipleKeyStorePasswords

The changeMultipleKeyStorePasswords command updates all of the key stores in the configuration that have a give password and changed them to a new password. This is useful because when you create key store files on the system, they will have WebAS as a password by default.

Parameters and return values

-keyStorePassword

Specifies the name of the password to change. (String, required)

-newKeyStorePassword

Specifies the new password that you will use to access the key store. (String, required)

-newKeyStorePassword Verify

Confirms the new key store password. (String, required)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask changeMultipleKeyStorePasswords {-keyStorePassword WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd}
  

• Use Jython string:

  AdminTask.changeMultipleKeyStorePasswords ('[-keyStorePassword WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd]')
  

• Use Jython list:

  AdminTask.changeMultipleKeyStorePasswords (['-keyStorePassword', 'WebAS', '-newKeyStorePassword', 'newpwd', '-newKeyStorePasswordVerify', 'newpwd'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask changeMultipleKeyStorePasswords {-interactive}
  

• Use Jython string:

  AdminTask.changeMultipleKeyStorePasswords ('[-interactive]')
  

• Use Jython list:

  AdminTask.changeMultipleKeyStorePasswords (['-interactive'])
  

 

createKeyStore

The createKeyStore command creates the key store settings in the configuration and the key store database.

Parameters and return values

-keyStoreName

The name that uniquely identifies the key store configuration object. (String, required)

-keyStoreType

The implementation of the key store management. (String, required)

-keyStoreLocation

The location of the key store. For file based, the location is the files system path to the key store database. For hardware key store, the location is the path to the token library. (String, required)

-keyStorePassword

The password that protects the key store. (String, required)

-keyStorePasswordVerify

The password that protects the key store. (String, required)

-keyStoreProvider

The provider used to implement the key store. (String, optional)

-isKeyStoreFileBased

Set the value of this parameter to true if the key store is file based. Set the value of this parameter to false for hardware crypto key stores. (Boolean, optional)

-keyStoreHostList

A list of host names that indicate from where the key store is remotely managed, separated by commas. (String, optional)

-keyStoreInitAtStartup

Set the value of this parameter to true if the key store is initialized at startup. Otherwise, set the value of this parameter to false. (Boolean, optional)

-keyStoreReadOnly

Set the value of this parameter to true if you cannot write to the key store. Otherwise, set the value of this parameter to false. (Boolean, optional)

-keyStoreStashFile

Set the value of this parameter to true if you want to create stash files for CMS type key store. Otherwise, set the value of this parameter to false. (Boolean, optional)

-scopeName

The name of the scope. (String, optional)

-enableCryptoOperations

Specifies if the key store object will be used for hardware cryptographic operations or not. The default value is false. (Boolean, optional)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask createKeyStore {-keyStoreName testKS -location c:\temp\testKeyFile.p12 keyStorePassword testpwd -keyStorePasswordVerify testpwd -isKeyStoreFileBased true -keyStoreInitAtStartup true -keyStoreReadOnly false}
  

• Use Jython string:

  AdminTask.createKeyStore ('[-keyStoreName testKS -location c:\temp\testKeyFile.p12 keyStorePassword testpwd -keyStorePasswordVerify testpwd -isKeyStoreFileBased true -keyStoreInitAtStartup true -keyStoreReadOnly false]')
  

• Use Jython list:

  AdminTask.createKeyStore (['-keyStoreName', 'testKS', '-location', 'c:\temp\testKeyFile.p12', 'keyStorePassword', 'testpwd', '-keyStorePasswordVerify', 'testpwd', '-isKeyStoreFileBased', 'true', '-keyStoreInitAtStartup', 'true', '-keyStoreReadOnly', 'false'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask createKeyStore {-interactive}
  

• Use Jython string:

  AdminTask.createKeyStore ('[-interactive]')
  

• Use Jython list:

  AdminTask.createKeyStore (['-interactive'])
  

 

createCMSKeyStore

The createCMSKeyStore command creates a CMS key store database and the key store settings in the configuration.

Parameters and return values

-cmsKeyStoreURI

The URI of the CMS key store. (String, required)

-pluginHostName

The host name of the plug-in. (String, required)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask createCMSKeyStore
  

• Use Jython:

  AdminTask.createCMSKeyStore()
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask createCMSKeyStore {-interactive}
  

• Use Jython string:

  AdminTask.createCMSKeyStore ('[-interactive]')
  

• Use Jython list:

  AdminTask.createCMSKeyStore (['-interactive'])
  

 

deleteKeyStore

The deleteKeyStore command deletes the settings of a key store from the configuration and the key store file.

Parameters and return values

-name

The name that uniquely identifies the key store to delete. (String, required)

-scopeName

The name of the scope. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask deleteKeyStore {-name testKS}
  

• Use Jython string:

  AdminTask.deleteKeyStore ('[-name testKS]')
  

• Use Jython list:

  AdminTask.deleteKeyStore (['-name', 'testKS'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask deleteKeyStore {-interactive}
  

• Use Jython string:

  AdminTask.deleteKeyStore ('[-interactive]')
  

• Use Jython list:

  AdminTask.deleteKeyStore (['-interactive'])
  

 

exchangeSigners

The exchangeSigners command exchange signer certificate between key stores.

Parameters and return values

-keyStoreName1

The name that uniquely identifies a key store. You must specify a second key store name using the keyStoreName2 parameter. (String, required)

-keyStoreScope1

The scope name of the key store specified with the keyStoreName1 parameter. (String, required)

-certificateAlaisList1

A list of aliases separated by a comma. (String, optional)

-keyStoreName2

The name that uniquely identifies a key store. You must specify a second key store name using the keyStoreName1 parameter. (String, required)

-keyStoreScope2

The scope name of the key store specified with the keyStoreName2 parameter. (String, required)

-certificateAliasList2

A list of aliases separated by a comma. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask exchangeSigners {-keyStoreName1 testKS -certificateAliasList1 testCert1 -keyStoreName2 secondKS -certificateAlaisList2 certAlis}
  

• Use Jython string:

  AdminTask.exchangeSigners ('[-keyStoreName1 testKS -certificateAliasList1 testCert1 -keyStoreName2 secondKS -certificateAlaisList2 certAlis]')
  

• Use Jython list:

  AdminTask.exchangeSigners (['-keyStoreName1', 'testKS', '-certificateAliasList1', 'testCert1', '-keyStoreName2', 'secondKS', '-certificateAlaisList2', 'certAlis'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask exchangeSigners {-interactive}
  

• Use Jython string:

  AdminTask.exchangeSigners ('[-interactive]')
  

• Use Jython list:

  AdminTask.exchangeSigners (['-interactive'])
  

 

getKeyStoreInfo

The getKeyStoreInfo command displays the settings of a particular key store.

Parameters and return values

-name

The name that uniquely identifies the key store. (String, required)

-scopeName

The name of the scope. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask getKeyStore {-name testKS}
  

• Use Jython string:

  AdminTask.getKeyStore ('[-name testKS]')
  

• Use Jython list:

  AdminTask.getKeyStore (['-name', 'testKS'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask getKeyStoreInfo {-interactive}
  

• Use Jython string:

  AdminTask.getKeyStoreInfo ('[-interactive]')
  

• Use Jython list:

  AdminTask.getKeyStoreInfo (['-interactive'])
  

 

listKeyFileAliases

The listKeyFileAliases command lists the certificates in a key store file.

Parameters and return values

-keyFilePath

The path of the key file. (String, required)

-keyFilePassword

The password for the key file. (String, required)

-keyFileType

The key file type. (String, required)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask listKeyFileAliases {-keyFilePath c:\temp\testKeyFile.p12 -keyFilePassword testPwd -keyFileType PKCS12}
  

• Use Jython string:

  AdminTask.listKeyFileAliases ('[-keyFilePaht c:\temp\testKeyFile.p12 -keyFilePassword testPwd -keyFileType PKCS12]')
  

• Use Jython list:

  AdminTask.listKeyFileAliases (['-keyFilePaht', 'c:\temp\testKeyFile.p12', '-keyFilePassword', 'testPwd', '-keyFileType', 'PKCS12'])
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask listKeyFileAliases {-interactive}
  

• Use Jython string:

  AdminTask.listKeyFileAliases ('[-interactive]')
  

• Use Jython list:

  AdminTask.listKeyFileAliases (['-interactive'])
  

 

listKeyStores

The listKeyStores command lists the key store for a particular scope.

Parameters and return values

-displayObjectName

Set the value of this parameter to true to list the key store configuration objects within a scope. Set the value of this parameter to false to list the strings that contain the key store name and management scope. (String, optional)

-scopeName

The name of the scope. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask listKeyStores
  

• Use Jython:

  AdminTask.listKeyStores()
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask listKeyStores {-interactive}
  

• Use Jython string:

  AdminTask.listKeyStores ('[-interactive]')
  

• Use Jython list:

  AdminTask.listKeyStores (['-interactive'])
  

 

listKeyStoresTypes

The listKeyStoresTypes command lists all valid key store types.

Parameters and return values

• Parameters: None

• Returns: A list of key store types.

Examples

Batch mode example usage:

• Use Jacl:

  $AdminTask listKeyStoreTypes
  

• Use Jython:

  AdminTask.listKeyStoreTypes()
  

Interactive mode example usage:

• Use Jacl:

  $AdminTask listKeyStoresTypes {-interactive}
  

• Use Jython string:

  AdminTask.listKeyStoresTypes ('[-interactive]')
  

• Use Jython list:

  AdminTask.listKeyStoresTypes (['-interactive'])
  

---

 

Related tasks

Use the AdminTask object for scripted administration

 

Related Reference

Commands for the AdminTask object

 

Reference topic