Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)
SSLConfigCommands command group
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.
The SSLConfigCommands command group includes the following commands:
- createSSLConfig
- createSSLConfigProperty
- deleteSSLConfig
- getInheritedSSLConfig
- getSSLConfig
- getSSLConfigProperties
- listSSLCiphers
- listSSLConfigs
- listSSLConfigProperties
- listSSLRepertoires
- modifySSLConfig
createSSLConfig
The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make SSL connections.
Target object None.
Required parameters
-alias
The name of the alias. (String, required)
-trustStoreNames
The key store that holds trust information used to validate the trust from remote connections. (String, required)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-type
The type of SSL configuration. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
The name of the key manager. (String, optional)
-keyManagerScopeName
Scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no effect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
Timeout in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)
Example output
The command returns the configuration object name of the new SSL configuration object.
Examples:
Batch example...:
### Jacl
$AdminTask createSSLConfig {-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS -keyStoreName testKS -keyManagerName testKeyMgr}
Jython string: AdminTask.createSSLConfig('[-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS -keyStoreName testKS -keyManagerName testKeyMgr]')
Use Jython list: AdminTask.createSSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'key1', '-serverKeyAlias', 'key2', '-trustStoreNames', 'trustKS', '-keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
Interactive example...:
### Jacl
$AdminTask createSSLConfig {-interactive}
### Jython
AdminTask.createSSLConfig('-interactive')
createSSLConfigProperty
The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.
Target object None.
Required parameters
-sslConfigAliasName
The alias name of the SSL configuration. (String, required)
-propertyName
The name of the property. (String, required)
-propertyValue
The value of the property. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
Example output
The command does not return output.
Examples:
Batch example...:
### Jacl
$AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue}
Jython string: AdminTask.createSSLConfigProperty('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue]')
Use Jython list: AdminTask.createSSLConfigProperty(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 'test.property', '-propertyValue', 'testValue'])
Interactive example...:
### Jacl
$AdminTask createSSLConfigProperty {-interactive}
### Jython
AdminTask.createSSLConfigProperty('-interactive')
deleteSSLConfig
The deleteSSLConfig command deletes the SSL configuration object that you specify from the configuration.
Target object None.
Required parameters and return values
-alias
The name of the alias. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
Example output
The command does not return output.
Examples:
Batch example...:
### Jacl
$AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
Jython string: AdminTask.deleteSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
Use Jython list: AdminTask.deleteSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive example...:
### Jacl
$AdminTask deleteSSLConfig {-interactive}
### Jython
AdminTask.deleteSSLConfig('-interactive')
getInheritedSSLConfig
The getInheritedSSLConfig command returns the SSL configuration alias and certificate alias from which a given management scope and direction inherits its SSL configuration information. This command only returns inheritance information; it does not return information about an SSL configuration that is effective for a given scope.
For example, by default in a Network Deployment environment, there are different SSL configurations effective at the cell and node levels. If you issue the getInheritedSSLConfig command, specifying the node's management scope, you get the name of the SSL configuration for the cell, not the effective SSL configuration of the node, because the node inherits its configuration information from the cell.
Target object None
Required parameters and return values
-scopeName
The name of the management scope for which to find out where that management scope will inherit its SSL configuration. (String, required)
Optional parameters None.
Example output
The command returns the SSL configuration alias and certificate alias from which the specified management scope and direction inherits its SSL configuration information.
Examples:
### Jacl
$AdminTask getInheritedSSLConfig {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound}
CellDefaultSSLSettings,null
Jython string: AdminTask.getInheritedSSLConfig('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound]')
CellDefaultSSLSettings,null
getSSLConfig
The getSSLConfig command obtains information about an SSL configuration and displays the settings.
Target object None.
Required parameters and return values
-alias
The name of the alias. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
Example output
The command returns information about the SSL configuration of interest.
Examples:
Batch example...:
### Jacl
$AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
Jython string: AdminTask.getSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
Use Jython list: AdminTask.getSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive example...:
### Jacl
$AdminTask getSSLConfig {-interactive}
### Jython
AdminTask.getSSLConfig('-interactive')
getSSLConfigProperties
The getSSLConfigProperties command obtains information about SSL configuration properties.
Target object None.
Required parameters and return values
-alias
The name of the alias. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
Example output
The command returns additional information about the SSL configuration properties.
Examples:
Batch example...:
### Jacl
$AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
Jython string: AdminTask.getSSLConfigProperties('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
Use Jython list: AdminTask.getSSLConfigProperties(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive example...:
### Jacl
$AdminTask getSSLConfigProperties {-interactive}
### Jython
AdminTask.getSSLConfigProperties('-interactive')
listSSLCiphers
The listSSLCiphers command lists the SSL ciphers.
Target object None.
Required parameters
-securityLevel
The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
Optional parameters
-sslConfigAliasName
The alias name of the SSL configuration. (String, optional)
-scopeName
The name of the scope. (String, optional)
Example output
The command returns a list of SSL ciphers.
Examples:
Batch example...:
### Jacl
$AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg -securityLevel HIGH}
Jython string: AdminTask.listSSLCiphers('[-sslConfigAliasName testSSLCfg -securityLevel HIGH]')
Use Jython list: AdminTask.listSSLCiphers(['-sslConfigAliasName', 'testSSLCfg', '-securityLevel', 'HIGH'])
Interactive example...:
### Jacl
$AdminTask listSSLCiphers {-interactive}
### Jython
AdminTask.listSSLCiphers('-interactive')
listSSLConfigs
The listSSLConfigs command lists the defined SSL configurations within a management scope.
Target object None.
Optional parameters
-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
-all
Specify the value of this parameter as true to list all SSL configurations. This parameter overrides the scopeName parameter. The default value is false. (Boolean, optional)
Example output
The command returns a list of defined SSL configurations.
Examples:
Batch example...:
### Jacl
$AdminTask listSSLConfigs {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
Jython string: AdminTask.listSSLConfigs('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
Use Jython list: AdminTask.listSSLConfigs(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive example...:
### Jacl
$AdminTask listSSLConfigs {-interactive}
### Jython
AdminTask.listSSLConfigs('-interactive')
listSSLConfigProperties
The listSSLConfigProperties command lists the properties for an SSL configuration.
Target object None.
Required parameters
-alias
The alias name of the SSL configuration. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
Example output
The command returns SSL configuration properties.
Examples:
Batch example...:
### Jacl
$AdminTask listSSLConfigProperties {-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
Jython string: AdminTask.listSSLConfigProperties('[-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
Use Jython list: AdminTask.listSSLConfigProperties(['-alias', 'SSL123', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive example...:
### Jacl
$AdminTask listSSLConfigProperties {-interactive}
### Jython
AdminTask.listSSLConfigProperties('-interactive')
listSSLRepertoires
The listSSLRepertoires command lists all of the SSL configuration instances that you can associate with an SSL inbound channel.
If you create a new SSL alias using the admin console, the alias name is automatically created in the node_name/alias_name format. However, if you create a new SSL alias using wsadmin, you must create the SSL alias and specify both the node name and alias name in the node_name/alias_name format.
Target object SSLInboundChannel instance for which the SSLConfig candidates are listed.
Required parameters None.
Optional parameters None.
Sample output
The command returns a list of eligible SSL configuration object names.
Examples:
Batch example...:
### Jacl
$AdminTask listSSLRepertoires SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)
Jython string: print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)')
Use Jython list: print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)')
Interactive example...:
### Jacl
$AdminTask listSSLRepertoires {-interactive}
### Jython
print AdminTask.listSSLRepertoires('-interactive')
modifySSLConfig
The modifySSLConfig command modifies the settings of an existing SSL configuration.
Target object None.
Required parameters
-alias
The name of the alias. (String, required)
Optional parameters
-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreName
The key store that holds trust information used to validate the trust from remote connections. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
The name of the key manager. (String, optional)
-keyManagerScopeName
Scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no effect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
Timeout in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)
Example output
The command does not return output.
Examples:
Batch example...:
### Jacl
$AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW}
Jython string: AdminTask.modifySSLConfig('[-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW]')
Use Jython list: AdminTask.modifySSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
Interactive example...:
### Jacl
$AdminTask modifySSLConfig {-interactive}
### Jython
AdminTask.modifySSLConfig('-interactive')
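Added example, not IBM's code: a pre-flight check for the createSSLConfig and modifySSLConfig parameters documented above, which validates values against the ranges this page lists and flattens them into the Jython list form. The function names check_params and to_jython_list and the two deny lists are assumptions of the example (a hypothetical site policy), not WebSphere behaviour.

```python
# Added example, not IBM code. Valid values are the ones documented above.
VALID_LEVELS = ("HIGH", "MEDIUM", "LOW", "CUSTOM")
VALID_PROTOCOLS = ("SSL_TLS", "SSL", "SSLv2", "SSLv3", "TLS", "TLSv1")
# Required parameter names, spelled as on this page.
REQUIRED = {
    "createSSLConfig": ("alias", "trustStoreNames", "keyStoreName"),
    "modifySSLConfig": ("alias",),
}
# Assumed local policy (hypothetical, tune per site): values to refuse.
DENY_LEVELS = ("LOW", "MEDIUM")
DENY_PROTOCOLS = ("SSLv2", "SSLv3")


def check_params(command, params):
    """Return a list of problems; an empty list means the call may proceed."""
    problems = []
    for name in REQUIRED[command]:
        if not params.get(name):
            problems.append("missing required -%s" % name)
    level = params.get("securityLevel")
    if level is not None and level not in VALID_LEVELS:
        problems.append("invalid securityLevel %s" % level)
    elif level in DENY_LEVELS:
        problems.append("policy: securityLevel %s not allowed" % level)
    elif level == "CUSTOM" and not params.get("enabledCiphers"):
        problems.append("policy: CUSTOM needs an explicit -enabledCiphers")
    proto = params.get("sslProtocol")
    if proto is not None and proto not in VALID_PROTOCOLS:
        problems.append("invalid sslProtocol %s" % proto)
    elif proto in DENY_PROTOCOLS:
        problems.append("policy: sslProtocol %s not allowed" % proto)
    timeout = params.get("v3timeout")
    if timeout is not None:
        try:
            in_range = 1 <= int(timeout) <= 86400
        except ValueError:
            in_range = False
        if not in_range:
            problems.append("v3timeout must be 1 to 86400 seconds")
    return problems


def to_jython_list(params):
    """Flatten {'alias': 'x'} into ['-alias', 'x'], sorted by name."""
    args = []
    for name in sorted(params):
        args.extend(["-" + name, str(params[name])])
    return args  # inside wsadmin: AdminTask.createSSLConfig(args)
```

Run check_params before handing the flattened list to AdminTask; under this assumed policy the modifySSLConfig batch example above, which sets -securityLevel LOW, is reported rather than applied.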