SSLConfigCommands

Use the Jython or Jacl scripting languages to configure security with wsadmin. The commands and parameters in the SSLConfigCommands group can be used to create and manage SSL configurations and properties.

The SSLConfigCommands includes the following commands:

• createSSLConfig
• createSSLConfigProperty
• deleteSSLConfig
• getSSLConfig
• getSSLConfigProperties
• listSSLCiphers
• listSSLConfigs
• listSSLConfigProperties
• listSSLRepertoires
• modifySSLConfig

 

createSSLConfig

The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. Use the SSL settings to make the SSL connections.

Target object

None.

Required parameters

-alias

The name of the alias. (String, required)

-trustStoreNames

The key store that holds trust information used to validate the trust from remote connections. (String, required)

-keyStoreName

The key store that holds the personal certificates that provide identity for the connection. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

-clientKeyAlias

The certificate alias name for the client. (String, optional)

-serverKeyAlias

The certificate alias name for the server. (String, optional)

-type

The type of SSL configuration. (String, optional)

-clientAuthentication

Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-securityLevel

The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)

-enabledCiphers

A list of ciphers used during SSL handshake. (String, optional)

-jsseProvider

One of the JSSE providers. (String, optional)

-clientAuthenticationSupported

Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-sslProtocol

The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)

-trustManagerObjectName

A list of trust managers separated by commas. (String, optional)

-trustStoreScopeName

The management scope name of the trust store. (String, optional)

-keyStoreScopeName

The management scope name of the key store. (String, optional)

-ssslKeyRingName

System SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)

Example output

The command returns the configuration object name of the new SSL configuration object.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask createSSLConfig {-alias testSSLCfg  -clientKeyAlias key1 
  -serverKeyAlias key2 -trustStoreNames trustKS –keyStoreName  
  testKS -keyManagerName testKeyMgr}
  

• Use Jython string:

  AdminTask.createSSLConfig('[-alias testSSLCfg  -clientKeyAlias key1 
  -serverKeyAlias key2 -trustStoreNames trustKS –keyStoreName 
  testKS -keyManagerName testKeyMgr]')
  

• Use Jython list:

  AdminTask.createSSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 
  'key1', '-serverKeyAlias', 'key2', '-trustStoreNames', 'trustKS', 
  '–keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask createSSLConfig {-interactive}
  

• Jython...

  AdminTask.createSSLConfig('-interactive')
  

 

createSSLConfigProperty

The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL settings that are different than the settings in the SSL configuration object.

Target object

None.

Required parameters

-sslConfigAliasName

The alias name of the SSL configuration. (String, required)

-propertyName

The name of the property. (String, required)

-propertyValue

The value of the property. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName  test.property -propertyValue testValue}
  

• Use Jython string:

  AdminTask.createSSLConfigProperty('[-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName  test.property -propertyValue testValue]')
  

• Use Jython list:

  AdminTask.createSSLConfigProperty(['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
  '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 
  'test.property', '-propertyValue', 'testValue'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask createSSLConfigProperty {-interactive}
  

• Jython...

  AdminTask.createSSLConfigProperty('-interactive')
  

 

deleteSSLConfig

The deleteSSLConfig command deletes the SSL configuration object specified from the configuration.

Target object

None.

Required parameters and return values

-alias

The name of the alias. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01}
  

• Use Jython string:

  AdminTask.deleteSSLConfig('[-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01]')
  

• Use Jython list:

  AdminTask.deleteSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask deleteSSLConfig {-interactive}
  

• Jython...

  AdminTask.deleteSSLConfig('-interactive')
  

 

getSSLConfig

The getSSLConfig command obtains information about an SSL configuration and displays the settings.

Target object

None.

Required parameters and return values

-alias

The name of the alias. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

Example output

The command returns information about the SSL configuration of interest.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01}
  

• Use Jython string:

  AdminTask.getSSLConfig('[-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01]')
  

• Use Jython list:

  AdminTask.getSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask getSSLConfig {-interactive}
  

• Jython...

  AdminTask.getSSLConfig('-interactive')
  

 

getSSLConfigProperties

The getSSLConfigProperties command obtains information about SSL configuration properties.

Target object

None.

Required parameters and return values

-alias

The name of the alias. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

Example output

The command returns additional information about the SSL configuration properties.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
  

• Use Jython string:

  AdminTask.getSSLConfigProperties('[-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
  

• Use Jython list:

  AdminTask.getSSLConfigProperties(['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
  '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask getSSLConfigProperties {-interactive}
  

• Jython...

  AdminTask.getSSLConfigProperties('-interactive')
  

 

listSSLCiphers

The listSSLCiphers command lists the SSL ciphers.

Target object

None.

Required parameters

-sslConfigAliasName

The alias name of the SSL configuration. (String, required)

-securityLevel

The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

-provider

(String, optional)

Example output

The command returns a list of SSL ciphers.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg 
  -securityLevel HIGH}
  

• Use Jython string:

  AdminTask.listSSLCiphers('[-sslConfigAliasName testSSLCfg 
  -securityLevel HIGH]')
  

• Use Jython list:

  AdminTask.listSSLCiphers(['-sslConfigAliasName', 'testSSLCfg', 
  '-securityLevel', 'HIGH'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask listSSLCiphers {-interactive}
  

• Jython...

  AdminTask.listSSLCiphers('-interactive')
  

 

listSSLConfigs

The listSSLConfigs command lists the defined SSL configurations within a management scope.

Target object

None.

Optional parameters

-scopeName

The name of the scope. (String, optional)

-displayObjectName

Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

-all

Specify the value of this parameter as true to list all SSL configurations. This parameter overrides the scopeName parameter. The default value is false. (Boolean, optional)

Example output

The command returns a list of defined SSL configurations.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask listSSLConfigs {-scopeName (cell): localhostNode01Cell:(node):localhostNode01 
  -displayObjectName true}
  

• Use Jython string:

  AdminTask.listSSLConfigs('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 
  -displayObjectName true]')
  

• Use Jython list:

  AdminTask.listSSLConfigs(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', 
  '-displayObjectName', 'true'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask listSSLConfigs {-interactive}
  

• Jython...

  AdminTask.listSSLConfigs('-interactive')
  

 

listSSLConfigProperties

The listSSLConfigProperties command lists the properties for an SSL configuration.

Target object

None.

Required parameters

-alias

The alias name of the SSL configuration. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

-displayObjectName

Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

Example output

The command returns SSL configuration properties.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask listSSLConfigProperty {-alias SSL123 -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
  

• Use Jython string:

  AdminTask.listSSLConfigProperty('[-alias SSL123 -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
  

• Use Jython list:

  AdminTask.listSSLConfigProperty(['-alias', 'SSL123', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask listSSLConfigProperties {-interactive}
  

• Jython...

  AdminTask.listSSLConfigProperties('-interactive')
  

 

listSSLRepertoires

The listSSLRepertoires command lists all of the SSL configuration instances that we can associate with an SSL inbound channel.If we create a new SSL alias using the admin console, the alias name is automatically created in the mynode/alias_name format. However, if we create a new SSL alias using wsadmin, create the SSL alias and specify both the node name and alias name in the mynode/alias_name format.

Target object SSLInboundChannel instance for which the SSLConfig candidates are listed.

Required parameters None.

Optional parametersNone.

Sample output The command returns a list of eligible SSL configuration object names.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask listSSLRepertoires SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/ server2|server.xml#SSLInboundChannel_1093445762330)
  

• Use Jython string:

  print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/ servers/server2|server.xml#SSLInboundChannel_1093445762330)')
  

• Use Jython list:

  print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/ servers/server2|server.xml#SSLInboundChannel_1093445762330)')
  

Interactive mode example usage:

• Jacl...

  $AdminTask listSSLRepertoires {-interactive}
  

• Jython...

  print AdminTask.listSSLRepertoires('-interactive')
  

 

modifySSLConfig

The modifySSLConfig command modifies the settings of an existing SSL configuration.

Target object

None.

Required parameters

-alias

The name of the alias. (String, required)

Optional parameters

-scopeName

The name of the scope. (String, optional)

-clientKeyAlias

The certificate alias name for the client. (String, optional)

-serverKeyAlias

The certificate alias name for the server. (String, optional)

-type

The type of SSL configuration. (String, optional)

-clientAuthentication

Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-securityLevel

The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)

-enabledCiphers

A list of ciphers used during SSL handshake. (String, optional)

-jsseProvider

One of the JSSE providers. (String, optional)

-clientAuthenticationSupported

Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-sslProtocol

The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)

-trustManagerObjectNames

A list of trust managers separated by commas. (String, optional)

-trustStoreNames

The key store that holds trust information used to validate the trust from remote connections. (String, optional)

-trustStoreScopeName

The management scope name of the trust store. (String, optional)

-keyStoreName

The key store that holds the personal certificates that provide identity for the connection. (String, optional)

-keyStoreScopeName

The management scope name of the key store. (String, optional)

-ssslKeyRingName

System SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl...

  $AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 
  -serverKeyAlias tstKey2 -securityLevel LOW}
  

• Use Jython string:

  AdminTask.modifySSLConfig('[-alias testSSLCfg -clientKeyAlias tstKey1 
  -serverKeyAlias tstKey2 -securityLevel LOW]')
  

• Use Jython list:

  AdminTask.modifySSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', 
  '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask modifySSLConfig {-interactive}
  

• Jython...

  AdminTask.modifySSLConfig('-interactive')
  

---

Related concepts

Key management for cryptographic uses

 

Related tasks

Use AdminTask for scripted administration
Automating SSL configurations using scripting
Create an SSL configuration at the node scope using scripting