Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Use properties files to manage system configuration > Manage specific configuration objects using properties files > Work with security properties files > Work with SSL configuration properties files

Work with secure socket layer properties files

We can use properties files to create, modify, or delete secure socket layer properties.

Determine the changes to make to your secure socket layer object or its properties.

Start the wsadmin scripting tool.

To start wsadmin using the Jython language, run the wsadmin -lang Jython command from the bin directory of the server profile.

Use a properties file, you can create, modify, or delete a secure socket layer object.

Run administrative commands using wsadmin to create or change a properties file for a secure socket layer, validate the properties, and apply them.

Actions for secure socket layer properties files. We can create, modify, and delete secure socket layer properties.

Action	Procedure
create	Set required properties and then run the applyConfigProperties command.
modify	Edit any properties and then run the applyConfigProperties command..
delete	To delete the entire SecureSocketLayer object, uncomment #DELETE=true and then run the deleteConfigProperties command.
create Property	Not applicable
delete Property	Not applicable

Optionally, you can use interactive mode with the commands:

AdminTask.command_name('-interactive')

Procedure

• Create a properties file for a secure socket layer.

  1. Set SecureSocketLayer properties as needed.

     Open an editor on a SecureSocketLayer properties file. Modify the Environment Variables section to match the system and set any property value that needs to be changed.

     To specify a custom property, edit the AttributeInfo value and properties. An example SecureSocketLayer properties file follows:

     #
     # Header
     #
     ResourceType=SecureSocketLayer
     ImplementingResourceType=Security
     ResourceId=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSettings,managementScope#
     "Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"":SecureSocketLayer=
     AttributeInfo=setting
     #
     
     #
     #Properties
     #
     keyFileName=null
     enableCryptoHardwareSupport=false #boolean,default(false)
     serverKeyAlias=null
     sslProtocol=SSL_TLS
     clientAuthentication=false #boolean,default(false)
     securityLevel=HIGH #ENUM(MEDIUM|HIGH|CUSTOM|LOW),default(HIGH)
     keyFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
     CryptoHardwareToken"=null
     keyStore=CellDefaultKeyStore #ObjectName(KeyStore)
     enabledCiphers=
     keyManager=IbmX509 #ObjectName(KeyManager)
     trustFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
     clientAuthenticationSupported=false #boolean,default(false)
     trustStore=CellDefaultTrustStore #ObjectName(KeyStore)
     keyFilePassword=null
     jsseProvider=IBMJSSE2
     clientKeyAlias=null
     trustFileName=null
     trustFilePassword=null
     trustManager={IbmPKIX} #ObjectName*(TrustManager)
     
     #
     EnvironmentVariablesSection
     #Environment Variables
     cellName=myCell
     

  2. Run applyConfigProperties to create or change a secure socket layer object.

     Run the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:

     AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
     

• Modify an existing properties file.
  1. Obtain a properties file for the SecureSocketLayer object to change.

     We can extract a properties file for a SecureSocketLayer object using the extractConfigProperties command.

  2. Open the properties file in an editor and change the properties as needed.

     Ensure that the environment variables in the properties file match the system.

  3. Run applyConfigProperties.

• If you no longer need the secure socket layer object, you can delete the entire SSL object.

  To delete the entire object, specify DELETE=true in the header section of the properties file and run deleteConfigProperties; for example:

  AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
  

Results

We can use the properties file to configure and manage the secure socket layer object and its properties.

What to do next

Save the changes to the configuration.
Extract properties files using wsadmin.sh
Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting
Delete server, cluster, application, or authorization group objects using properties files

Related

PropertiesBasedConfiguration command group using wsadmin.sh

+

Search Tips   |   Advanced Search