SSLConfigCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage SSL configurations and properties. The SSLConfigCommands command group for the AdminTask object includes the following commands:
- createSSLConfig
- createSSLConfigProperty
- deleteSSLConfig
- getSSLConfig
- getSSLConfigProperties
- listSSLCiphers
- listSSLConfig
- listSSLConfigProperties
- modifySSLConfig
createSSLConfig
The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make the SSL connections.
Target object None.
Required parameters and return values
- -alias
- The name of the alias. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- -clientKeyAlias
- The certificate alias name for the client. (String, optional)
- -serverKeyAlias
- The certificate alias name for the server. (String, optional)
- -type
- The type of SSL configuration. (String, optional)
- -clientAuthentication
- Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
- -securityLevel
- The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)
- -enabledCiphers
- A list of ciphers used during SSL handshake. (String, optional)
- -jsseProvider
- One of the JSSE providers. (String, optional)
- -clientAuthenticationSupported
- Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
- -sslProtocol
- The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
- -trustManagerObjectName
- A list of trust managers separated by commas. (String, optional)
- -trustStoreNames
- The key store that holds trust information used to validate the trust from remote connections. (String, required)
- -trustStoreScopeName
- The management scope name of the trust store. (String, optional)
- -keyStoreName
- The key store that holds the personal certificates that provide identity for the connection. (String, required)
- -keyStoreScopeName
- The management scope name of the key store. (String, optional)
- -ssslKeyRingName
- Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)
- Returns: The configuration object name of the SSL configuration object that you created.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask createSSLConfig {-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreName trustKS –keyStoreName testKS -keyManagerName testKeyMgr}
- Use Jython string:
AdminTask.createSSLConfig ('[-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreName trustKS –keyStoreName testKS -keyManagerName testKeyMgr]')
- Use Jython list:
AdminTask.createSSLConfig (['-alias', 'testSSLCfg', '-clientKeyAlias', 'key1', '-serverKeyAlias', 'key2', '-trustStoreName', 'trustKS', '–keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
Interactive mode example usage:
- Use Jacl:
$AdminTask createSSLConfig {-interactive}
- Use Jython string:
AdminTask.createSSLConfig ('[-interactive]')
- Use Jython list:
AdminTask.createSSLConfig (['-interactive'])
createSSLConfigProperty
The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.
Target object None.
Required parameters and return values
- -sslConfigAliasName
- The alias name of the SSL configuration. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- -propertyName
- The name of the property. (String, required)
- -propertyValue
- The value of the property. (String, required)
- Returns: None.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue}
- Use Jython string:
AdminTask.createSSLConfigProperty ('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue]')
- Use Jython list:
AdminTask.createSSLConfigProperty (['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 'test.property', '-propertyValue', 'testValue'])
Interactive mode example usage:
- Use Jacl:
$AdminTask createSSLConfigProperty {-interactive}
- Use Jython string:
AdminTask.createSSLConfigProperty ('[-interactive]')
- Use Jython list:
AdminTask.createSSLConfigProperty (['-interactive'])
deleteSSLConfig
The deleteSSLConfig command deletes the SSL configuration object specified from the configuration.
Target object None.
Required parameters and return values
- -alias
- The name of the alias. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- Returns: None.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
- Use Jython string:
AdminTask.deleteSSLConfig ('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Use Jython list:
AdminTask.deleteSSLConfig (['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Use Jacl:
$AdminTask deleteSSLConfig {-interactive}
- Use Jython string:
AdminTask.deleteSSLConfig ('[-interactive]')
- Use Jython list:
AdminTask.deleteSSLConfig (['-interactive'])
getSSLConfig
The getSSLConfig command obtains information about an SSL configuration and displays the settings.
Target object None.
Required parameters and return values
- -alias
- The name of the alias. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- Returns: Information about the SSL configuration specified.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 }
- Use Jython string:
AdminTask.getSSLConfig ('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Use Jython list:
AdminTask.getSSLConfig (['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Use Jacl:
$AdminTask getSSLConfig {-interactive}
- Use Jython string:
AdminTask.getSSLConfig ('[-interactive]')
- Use Jython list:
AdminTask.getSSLConfig (['-interactive'])
getSSLConfigProperties
The getSSLConfigProperties command obtains information about SSL configuration properties.
Target object None.
Required parameters and return values
- -alias
- The name of the alias. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- Returns: Information about SSL configuration properties.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
- Use Jython string:
AdminTask.getSSLConfigProperties ('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Use Jython list:
AdminTask.getSSLConfigProperties (['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Use Jacl:
$AdminTask getSSLConfigProperties {-interactive}
- Use Jython string:
AdminTask.getSSLConfigProperties ('[-interactive]')
- Use Jython list:
AdminTask.getSSLConfigProperties (['-interactive'])
listSSLCiphers
The listSSLCiphers command lists the SSL ciphers.
Target object None.
Required parameters and return values
- -sslConfigAliasName
- The alias name of the SSL configuration. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- -securityLevel
- The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
- -provider
- (String, optional)
- Returns: A list of SSL ciphers.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg -securityLevel HIGH}
- Use Jython string:
AdminTask.listSSLCiphers ('[-sslConfigAliasName testSSLCfg -securityLevel HIGH]')
- Use Jython list:
AdminTask.listSSLCiphers (['-sslConfigAliasName', 'testSSLCfg', '-securityLevel', 'HIGH'])
Interactive mode example usage:
- Use Jacl:
$AdminTask listSSLCiphers {-interactive}
- Use Jython string:
AdminTask.listSSLCiphers ('[-interactive]')
- Use Jython list:
AdminTask.listSSLCiphers (['-interactive'])
listSSLConfig
The listSSLConfig command lists the defined SSL configurations within a management scope.
Target object None.
Required parameters and return values
- -scopeName
- The name of the scope. (String, optional)
- -displayObjectName
- Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
- Returns: A list of defined SSL configurations.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask listSSLConfig {-scopeName (cell): localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
- Use Jython string:
AdminTask.listSSLConfig('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
- Use Jython list:
AdminTask.listSSLConfig(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive mode example usage:
- Use Jacl:
$AdminTask listSSLConfig {-interactive}
- Use Jython string:
AdminTask.listSSLConfig('[-interactive]')
- Use Jython list:
AdminTask.listSSLConfig(['-interactive'])
listSSLConfigProperties
The listSSLConfigProperties command lists the properties for a SSL configuration.
Target object None.
Required parameters and return values
- -sslConfigAliasName
- The alias name of the SSL configuration. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- -displayObjectName
- Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
- Returns: A list of properties.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask listSSLConfigProperty {-alias No deDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
- Use Jython string:
AdminTask.listSSLConfigProperty('[-alias No deDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
- Use Jython list:
AdminTask.listSSLConfigProperty(['-alias', 'No', 'deDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive mode example usage:
- Use Jacl:
$AdminTask listSSLConfigProperties {-interactive}
- Use Jython string:
AdminTask.listSSLConfigProperties('[-interactive]')
- Use Jython list:
AdminTask.listSSLConfigProperties(['-interactive'])
modifySSLConfig
The modifySSLConfig command modifies the settings of an existing SSL configuration.
Target object None.
Required parameters and return values
- -alias
- The name of the alias. (String, required)
- -scopeName
- The name of the scope. (String, optional)
- -clientKeyAlias
- The certificate alias name for the client. (String, optional)
- -serverKeyAlias
- The certificate alias name for the server. (String, optional)
- -type
- The type of SSL configuration. (String, optional)
- -clientAuthentication
- Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
- -securityLevel
- The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)
- -enabledCiphers
- A list of ciphers used during SSL handshake. (String, optional)
- -jsseProvider
- One of the JSSE providers. (String, optional)
- -clientAuthenticationSupported
- Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
- -sslProtocol
- The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
- -trustManagerObjectNames
- A list of trust managers separated by commas. (String, optional)
- -trustStoreName
- The key store that holds trust information used to validate the trust from remote connections. (String, optional)
- -trustStoreScopeName
- The management scope name of the trust store. (String, optional)
- -keyStoreName
- The key store that holds the personal certificates that provide identity for the connection. (String, optional)
- -keyStoreScopeName
- The management scope name of the key store. (String, optional)
- -ssslKeyRingName
- Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)
- Returns: None.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW}
- Use Jython string:
AdminTask.modifySSLConfig ('[-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW]')
- Use Jython list:
AdminTask.modifySSLConfig (['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
Interactive mode example usage:
- Use Jacl:
$AdminTask modifySSLConfig {-interactive}
- Use Jython string:
AdminTask.modifySSLConfig ('[-interactive]')
- Use Jython list:
AdminTask.modifySSLConfig (['-interactive'])
Related tasks
Use the AdminTask object for scripted administration
Related Reference
Commands for the AdminTask object
Reference topic