WAS v8.5 > Reference > Commands (wsadmin scripting)SSLConfigCommands command group for AdminTask
We can use the Jython or Jacl scripting languages to configure security with wsadmin. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.
createSSLConfig
Create an SSL configuration based on key store and trust store settings. We can use the SSL configuration settings to make the SSL connections.
Target object None.
Required parameters
-alias The name of the alias. (String, required) -trustStoreNames The key store that holds trust information used to validate the trust from remote connections. (String, required) -keyStoreName The key store that holds the personal certificates that provide identity for the connection. (String, required) Optional parameters
-scopeName The name of the scope. -clientKeyAlias The certificate alias name for the client. -serverKeyAlias The certificate alias name for the server. -type The type of SSL configuration. -clientAuthentication Set true to request client authentication. -securityLevel The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required) -enabledCiphers A list of ciphers used during SSL handshake. -jsseProvider One of the JSSE providers. -clientAuthenticationSupported Set true to support client authentication. -sslProtocol The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. -trustManagerObjectNames A list of trust managers separated by commas. -trustStoreScopeName The management scope name of the trust store. -keyStoreScopeName The management scope name of the key store. -keyManagerName - Name of the Key Manager. -keyManagerScopeName Scope of the key manager. -ssslKeyRingName Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional) -v3timeout - Time out in seconds for System SSL configuration types. Values range from 1 to 86400. Example output
The command returns the configuration object name of the new SSL configuration object.
Examples:
- Jacl:
$AdminTask createSSLConfig {-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS –keyStoreName testKS -keyManagerName testKeyMgr}
- Jython string:
AdminTask.createSSLConfig('[-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS –keyStoreName testKS -keyManagerName testKeyMgr]')
- Jython list:
AdminTask.createSSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'key1', '-serverKeyAlias', 'key2', '-trustStoreNames', 'trustKS', '–keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
Interactive mode example usage:
- Jacl:
$AdminTask createSSLConfig {-interactive}
- Using Jython:
AdminTask.createSSLConfig('-interactive')
createSSLConfigProperty
Create a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.
Target object None.
Required parameters
-sslConfigAliasName The alias name of the SSL configuration. (String, required) -propertyName The name of the property. (String, required) -propertyValue The value of the property. (String, required) Optional parameters
-scopeName The name of the scope. Example output
The command does not return output.
Examples:
- Jacl:
$AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue}
- Jython string:
AdminTask.createSSLConfigProperty('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue]')
- Jython list:
AdminTask.createSSLConfigProperty(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 'test.property', '-propertyValue', 'testValue'])
Examples:
Interactive mode example usage:
- Jacl:
$AdminTask createSSLConfigProperty {-interactive}
- Using Jython:
AdminTask.createSSLConfigProperty('-interactive')
deleteSSLConfig
Delete the SSL configuration object specified from the configuration.
Target object None.
Required parameters and return values
-alias The name of the alias. (String, required) Optional parameters
-scopeName The name of the scope. Example output
The command does not return output.
Examples:
- Jacl:
$AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
- Jython string:
AdminTask.deleteSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Jython list:
AdminTask.deleteSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Jacl:
$AdminTask deleteSSLConfig {-interactive}
- Using Jython:
AdminTask.deleteSSLConfig('-interactive')
getInheritedSSLConfig
Return the SSL configuration alias and certificate alias from which a given management scope and direction inherits its SSL configuration information. This command only returns inheritance information; it does not return information about an SSL configuration that is effective for a give scope.
Target object: None
Required parameters and return values
-scopeName The name of the management scope for which to find out where that management schope will inherit its SSL configuration. (String, required) Optional parameters
None.
Example output
The command returns the SSL configuration alias and certificate alias from which the specified management scope and direction inherits its SSL configuration information.
Examples:
- Jacl:
$AdminTask getInheritedSSLConfig {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound} CellDefaultSSLSettings,null
- Jython string:
AdminTask.getInheritedSSLConfig('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound]') CellDefaultSSLSettings,null
getSSLConfig
Obtain information about an SSL configuration and displays the settings.
Target object: None.
Required parameters and return values
-alias The name of the alias. (String, required) Optional parameters
-scopeName The name of the scope. Example output:
The command returns information about the SSL configuration of interest.
Examples:
- Jacl:
$AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
- Jython string:
AdminTask.getSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Jython list:
AdminTask.getSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Jacl:
$AdminTask getSSLConfig {-interactive}
- Using Jython:
AdminTask.getSSLConfig('-interactive')
getSSLConfigProperties
Obtain information about SSL configuration properties.
Target object None.
Required parameters and return values
-alias The name of the alias. (String, required) Optional parameters
-scopeName The name of the scope. Example output
The command returns additional information about the SSL configuration properties.
Examples:
- Jacl:
$AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
- Jython string:
AdminTask.getSSLConfigProperties('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
- Jython list:
AdminTask.getSSLConfigProperties(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode example usage:
- Jacl:
$AdminTask getSSLConfigProperties {-interactive}
- Using Jython:
AdminTask.getSSLConfigProperties('-interactive')
listSSLCiphers
List the SSL ciphers.
Target object None.
Required parameters
-securityLevel The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required) Optional parameters
-sslConfigAliasName The alias name of the SSL configuration. -scopeName The name of the scope. Example output
The command returns a list of SSL ciphers.
Examples:
- Jacl:
$AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg -securityLevel HIGH}
- Jython string:
AdminTask.listSSLCiphers('[-sslConfigAliasName testSSLCfg -securityLevel HIGH]')
- Jython list:
AdminTask.listSSLCiphers(['-sslConfigAliasName', 'testSSLCfg', '-securityLevel', 'HIGH'])
Interactive mode example usage:
- Jacl:
$AdminTask listSSLCiphers {-interactive}
- Using Jython:
AdminTask.listSSLCiphers('-interactive')
listSSLConfigs
List the defined SSL configurations within a management scope.
Target object None.
Optional parameters
-scopeName The name of the scope. -displayObjectName Set Set true to to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings containing the SSL configuration alias and management scope. (Boolean, optional) -all Specify the value of this parameter as true to list all SSL configurations. This parameter overrides the scopeName parameter. Default is false. (Boolean, optional) Example output
The command returns a list of defined SSL configurations.
Examples:
- Jacl:
$AdminTask listSSLConfigs {-scopeName (cell): localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
- Jython string:
AdminTask.listSSLConfigs('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
- Jython list:
AdminTask.listSSLConfigs(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive mode example usage:
- Jacl:
$AdminTask listSSLConfigs {-interactive}
- Using Jython:
AdminTask.listSSLConfigs('-interactive')
listSSLConfigProperties
List the properties for a SSL configuration.
Target object None.
Required parameters
-alias The alias name of the SSL configuration. (String, required) Optional parameters
-scopeName The name of the scope. -displayObjectName Set Set true to to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings containing the SSL configuration alias and management scope. (Boolean, optional) Example output
The command returns SSL configuration properties.
Examples:
- Jacl:
$AdminTask listSSLConfigProperty {-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
- Jython string:
AdminTask.listSSLConfigProperty('[-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
- Jython list:
AdminTask.listSSLConfigProperty(['-alias', 'SSL123', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive mode example usage:
- Jacl:
$AdminTask listSSLConfigProperties {-interactive}
- Using Jython:
AdminTask.listSSLConfigProperties('-interactive')
listSSLProtocolTypes
List the SSL protocols valid for the current configured security level. If a security standard is not enabled, the full list of valid protocols are returned. Otherwise, the list of appropriate protocols for the configured security level is returned.
Target object None.
Required parameters None.
Returns: This command lists all available protocols for the current FIPS level.
FIPSLevel and protocolTypes. Following are the available protocol types for each FIPS level.
Security mode Available protocol types FIPS not enabled SSL_TLS SSL SSLv2 SSLv3 TLS TLSv1 SSL_TLSv2 TLSv1.1 TLSv1.2 FIPS140-2 TLS TLSv1 TLSv1.1 TLSv1.2 SP800-131 - Transition TLS TLSv1 TLSv1.1 TLSv1.2 SP800-131 - Strict TLSv1.2 Suite B 128 TLSv1.2 SP800-131 - Suite B 1.2 TLSv1.2 Examples:
- Jacl:
$AdminTask listSSLProtocolTypes TLSv1.2
listSSLRepertoires
List all of the SSL configuration instances that we can associate with an SSL inbound channel.
If you create a new SSL alias using the dmgr console, the alias name is automatically created in the node_name/alias_name format. However, if you create a new SSL alias using wsadmin, create the SSL alias and specify both the node name and alias name in the node_name/alias_name format.
Target object SSLInboundChannel instance for which the SSLConfig candidates are listed.
Required parameters None.
Optional parameters None.
Sample output The command returns a list of eligible SSL configuration object names.
Examples:
- Jacl:
$AdminTask listSSLRepertoires SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)
- Jython string:
print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)')
- Jython list:
print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)')
Interactive mode example usage:
- Jacl:
$AdminTask listSSLRepertoires {-interactive}
- Using Jython:
print AdminTask.listSSLRepertoires('-interactive')
modifySSLConfig
Modify the settings of an existing SSL configuration.
Target object: None.
Required parameters
-alias The name of the alias. (String, required) Optional parameters
-scopeName The name of the scope. -clientKeyAlias The certificate alias name for the client. -serverKeyAlias The certificate alias name for the server. -clientAuthentication Set Set true to to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional) -securityLevel The cipher group to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required) -enabledCiphers A list of ciphers used during SSL handshake. -jsseProvider One of the JSSE providers. -clientAuthenticationSupported Set Set true to to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional) -sslProtocol The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. -trustManagerObjectNames A list of trust managers separated by commas. -trustStoreName The key store that holds trust information used to validate the trust from remote connections. -trustStoreScopeName The management scope name of the trust store. -keyStoreName The key store that holds the personal certificates that provide identity for the connection. -keyStoreScopeName The management scope name of the key store. -keyManagerName - Name of the Key Manager. -keyManagerScopeName Scope of the key manager. -ssslKeyRingName Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. -v3timeout - Time out in seconds for System SSL configuration types. Values range from 1 to 86400. Example output
The command does not return output.
Examples:
- Jacl:
$AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW}
- Jython string:
AdminTask.modifySSLConfig('[-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW]')
- Jython list:
AdminTask.modifySSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
Interactive mode example usage:
- Jacl:
$AdminTask modifySSLConfig {-interactive}
- Using Jython:
AdminTask.modifySSLConfig('-interactive')
Related concepts:
Key management for cryptographic uses
Related
Use the wsadmin scripting AdminTask object for scripted administration
Automating SSL configurations using scripting
Create an SSL configuration at the node scope using scripting