PersonalCertificateCommands
Use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands in the PersonalCertificateCommands group can be used to manage personal or signer certificates.
The PersonalCertificateCommands commands include:
- createChainedCertificate
- createSelfSignedCertificate
- deleteCertificate
- exportCertificate
- exportCertToManagedKS
- extractCertificate
- getCertificate
- getCertificateChain
- importCertificate
- importCertFromManagedKS
- listKeySizes
- listPersonalCertificates
- queryCACertificate
- receiveCertificate
- renewCertificate
- replaceCertificate
- requestCACertificate
- revokeCACertificate
Certificate aliases with embedded quotes in them can cause issues when the runtime attempts to use them. Do not use embedded quotes in a certificate alias.
createChainedCertificate
Create a new self-signed certificate and stores the certificate in a keystore.To use the IBMi5OSKeyStore key store, verify that the signer for each part of the chain exists in the keystore before creating the new certificate. We must import the signer into the IBMi5OSKeyStore keystore before creating the new certificate. Target object: None.
Required parameters:
- -keyStoreName
- Name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- Name that uniquely identifies the certificate request in a keystore. (String, required)
- -certificateSize
- Size of the certificate. (Integer, required)
- -certificateCommonName
- Common name of the certificate. (String, required)
- -certificateOrganization
- Organization of the certificate. (String, optional)
Optional parameters:
- -rootCertificateAlias
- Unique name to identify the root certificated to use for signing. The default root certificate alias is root. (String, optional)
- -certificateVersion
- Version of the certificate. (String, optional)
- -keyStoreScope
- Scope name of the keystore. (String, optional)
- -certificateOrganization
- Organization of the certificate. (String, optional)
- -certificateOrganizationalUnit
- Organizational unit of the certificate. (String, optional)
- -certificateLocality
- Locality of the certificate. (String, optional)
- -certificateState
- State of the certificate. (String, optional)
- -certificateZip
- The zip code of the certificate. (String, optional)
- -certificateCountry
- Country of the certificate. (String, optional)
- -certificateValidDays
- Amount of time in days for which the certificate is valid. (Integer, optional)
Return value. The command does not return output.
Batch mode example usage
- Use Jython string:
AdminTask.createChainedCertificate('-keyStoreName myKeystore -certificateAlias newCertificate -certificateSize 10 -certificateCommonName localhost -certificateOrganization ibm')
- Use Jython list:
AdminTask.createChainedCertificate('-keyStoreName', 'myKeystore', '-certificateAlias', 'newCertificate', '-certificateSize', '10', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm')
Interactive mode example usage
- Use Jython:
AdminTask.createChainedCertificate('-interactive')
createSelfSignedCertificate
Create a self-signed personal certificate in a keystore.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
- -certificateVersion
- The version of the certificate. (String, required)
- -certificateSize
- The size of the certificate. (Integer, required)
- -certificateCommonName
- The common name of the certificate. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -certificateOrganization
- The organization of the certificate. (String, optional)
- -certificateOrganizationalUnit
- The organizational unit of the certificate. (String, optional)
- -certificateLocality
- The locality of the certificate. (String, optional)
- -certificateState
- The state of the certificate. (String, optional)
- -certificateZip
- The zip code of the certificate. (String, optional)
- -certificateCountry
- The country of the certificate. (String, optional)
- -certificateValidDays
- The amount of time in days for which the certificate is valid. (Integer, optional)
- -signatureAlgorithem
- The signature algorithm used to create the self-signed certificate. The list of valid signature algorithms can be retrieved using the listSignatureAlgorithms command. (String, optional)
Elliptical Curve signature algorithms require specific sizes, so the size parameter is ignored if SHA256withECDSA, SHA384withECDSA, or SHA512withECDSA is specified. SHA256withECDSA will have a size of 256, SHA384withECDSA will have a size of 384, and SHA512withECDSA will have a size of 521.
If no signature algorithm is provided, SHA256withRSA is used.
Example output
The command does not return output.Examples
Batch mode example usage:
- Use Jacl:
$AdminTask createSelfSignedCertificate {-keyStoreName testKeyStore -certificateAlias default -certificateCommonName localhost -certificateOrganization ibm}
- Use Jython string:
AdminTask.createSelfSignedCertificate('[-keyStoreName testKeyStore -certificateAlias default -certificateCommonName localhost -certificateOrganization ibm')
- Use Jython list:
AdminTask.createSelfSignedCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm]')
Interactive mode example usage:
- Use Jython:
AdminTask.createSelfSignedCertificate('-interactive')
deleteCertificate
Delete a personal certificate from a keystore. The command saves a copy of the certificate in the delete keystore.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Interactive mode example usage:
- Use Jython:
AdminTask.deleteCertificate('-interactive')
exportCertificate
Cxport a personal certificate from one keystore to another.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -keyStorePassword
- The password to the keystore. (String, required)
- -keyFilePath
- The full path to a keystore file located in a file system. The store from where a certificate will be imported or exported. (String, required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -aliasInKeyStore
- (String, optional)
Example output
The command does not return output.Examples
Interactive mode example usage:
- Use Jython:
AdminTask.exportCertificate('-interactive')
exportCertToManagedKS
Export a personal certificate to a managed keystore in the configuration.
Target object: None.Required parameters:
- -keyStoreName
- Name that uniquely identifies the keystore configuration object. (String, required)
- -keyStorePassword
- The password to the keystore. (String, required)
- -toKeyStoreName
- Unique name of the keystore to export the certificate to. (String, required)
- -certificateAlias
- Alias of the certificate of interest. (String, required)
Optional parameters:
- -keyStoreScope
- Keystore of the certificate of interest. (String, optional)
- -toKeyStoreScope
- Scope of the keystore to export to. (String, optional)
- -aliasInKeyStore
- Alias that identifies the certificate in the keystore. (String, optional)
Return value. The command does not return output.
Batch mode example usage
- Use Jython string:
AdminTask.exportCertificateToManagedKS('-keyStoreName myKS -keyStorePassword myKSpw -toKeyStoreName myKS2 -certificateAlias testingKeyStore')
- Use Jython list:
AdminTask.exportCertificateToManagedKS(['-keyStoreName', 'myKS', '-keyStorePassword', 'myKSpw', '-toKeyStoreName', 'myKS2', '-certificateAlias', 'testingKeyStore'])
Interactive mode example usage
- Use Jython:
AdminTask.exportCertificateToManagedKS('-interactive')
extractCertificate
Extract the signer part of a personal certificate to a certificate file. The certificate in the file can later be added to a keystore to establish trust.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
- -certificateFilePath
- The full path of the request file containing the certificate. (String, required)
- -base64Encoded
- Set value to true if the certificate is a Base64 encoded ASCII file type. Set the value of this parameter to false if the certificate is binary. (Boolean, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Batch mode example usage:
- Use Jacl:
(Windows)
$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm -certificateAlias testCertificate}
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm -certificateAlias testCertificate}
- Use Jython string:
(Windows)
AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm -certificateAlias testCertificate]')
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm -certificateAlias testCertificate]')
- Use Jython list:
(Windows)
AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', 'c:/temp/CertFile.arm', '-certificateAlias', 'testCertificate'])
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', '/temp/CertFile.arm', '-certificateAlias', 'testCertificate'])
Interactive mode example usage:
- Use Jython:
AdminTask.extractCertificate('-interactive')
getCertificate
Obtain information about a particular personal certificate in a keystore. If the certificate of interest was created with the requestCACertificate command, the certificate can be in the COMPLETE or REVOKED state. Certificate requests can be in the PENDING state. Use the getCertificateRequest command to determine if a certificate request is in the PENDING state.
Target object: None.Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command returns information about the certificate request.Examples
Interactive mode example usage:
- Use Jython:
AdminTask.getCertificate('-interactive')
getCertificateChain
Query the configuration for information about each personal certificate in a certificate chain.
Target object: None.Required parameters and return values
- -keyStoreName
- Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
- -certificateAlias
- Unique alias of the certificate. (String, required)
Optional parameters:
- -keyStoreScope
- Management scope of the keystore. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
Example output
The command returns an array of attribute lists that contain configuration information for each certificate in a chain.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask getCertificateChain {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore}
- Use Jython string:
AdminTask.getCertificateChain('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore')
- Use Jython list:
AdminTask.getCertificateChain(['-certificateAlias', 'newCertificate', '-keyStoreName', 'CellDefaultKeyStore'])
Interactive mode example usage:
- Use Jython:
AdminTask.getCertificateChain('-interactive')
importCertificate
Import a personal certificate from a keystore.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -keyFilePath
- The full path to a keystore file located in a file system. The store from where a certificate will be imported or exported. (String, required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAliasFromKeyFile
- The certificate alias in the key file from which the certificate is being imported. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Interactive mode example usage:
- Use Jython:
AdminTask.importCertificate('-interactive')
importCertFromManagedKS
Import a personal certificate from a managed keystore in the configuration.
Target object: None.Required parameters:
- -keyStoreName
- Name that uniquely identifies the keystore configuration object. (String, required)
- -fromKeyStoreName
- Name that uniquely identifies the keystore from which the system imports the certificate. (String, required)
- -fromKeyStorePassword
- Password for the keystore from which the system imports the certificate. (String, required)
- -certificateAliasFromKeyStore
- Alias of the certificate in the keystore. (String, required)
Optional parameters:
- -keyStoreScope
- Scope of the keystore to import the certificate to. (String, optional)
- -fromKeyStoreScope
- Scope of the keystore to import the certificate from. (String, optional)
- -certificateAlias
- Alias of the certificate for the destination keystore. (String, optional)
Return value. The command does not return output.
Batch mode example usage
- Use Jython string:
AdminTask.importCertFromManagedKS('-keyStoreName myKeystore -fromKeyStoreName oldKeystore -fromKeyStorePassword my122password -certificateAliasFromKeyStore myCertificate')
- Use Jython list:
AdminTask.importCertFromManagedKS('-keyStoreName', 'myKeystore', '-fromKeyStoreName', 'oldKeystore', '-fromKeyStorePassword', 'my122password', '-certificateAliasFromKeyStore', 'myCertificate')
Interactive mode example usage
- Use Jython:
AdminTask.importCertFromManagedKS('-interactive')
listKeySizes
Administrative console helper task used to display the set of certificate key sizes allowed when creating a personal certificate.
By default, the set of valid key sizes include 512, 1024, 2048, 4096 and 8192. We can customize the list of comma-separated key sizes in the com.ibm.websphere.customKeySizeList security custom property. The com.ibm.websphere.customKeySizeList custom property can be set using the setAdminActiveSecuritySettings command.
Valid key sizes must be 512 or larger, but no larger then 16384, and must be multiples of 8. Any values in com.ibm.websphere.customKeySizeList that do not meet the size requirements are ignored. If the custom list does not contain anything in it when it is finished processing then the list of default sizes is returned.
Target object: None.
Required parameters: None.
Optional parameters: None.
Example output
Returns an arrayList of sizes. The sizes are strings:
512
1024
2048
4096
8192Examples
Batch mode example usage:
- Use Jacl:
$AdminTask listKeySize
- Use Jython string:
AdminTask.listKeySizes()
listPersonalCertificates
List the personal certificates in a particular keystore.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. The value of this field is not a path to the keystore file. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. To obtain a list of the keystore scope values, see the listManagementScopes command, which is part of the ManagementScopeCommands command group. (String, optional)
Example output
The command returns a list of attributes for each personal certificate in a keystore.
Examples
Batch mode example usage:
- Use Jython string:
AdminTask.listPersonalCertificates('-keyStoreName myKS')
- Use Jython list:
AdminTask.listPersonalCertificates(['-keyStoreName', 'myKS'])
Interactive mode example usage:
- Use Jython:
AdminTask.listPersonalCertificates('-interactive')
queryCACertificate
Query the configuration to determine if the CA has completed the certificate. If the CA returns a personal certificate, then the system marks the certificate as COMPLETE. Otherwise, it remains marked as PENDING.
Target object: None.Required parameters and return values
- -keyStoreName
- Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
- -certificateAlias
- Unique alias of the certificate. (String, required)
Optional parameters:
- -keyStoreScope
- Management scope of the keystore. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
Example output
The command returns one of two values: Certificate COMPLETE or certificate PENDING. If the command returns the Certificate COMPLETE message, the certificate authority returned the requested certificate and the default personal certificate is replaced. If the command returns the certificate PENDING message, the certificate authority did not yet return a certificate.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask queryCACertificate {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore}
- Use Jython string:
AdminTask.queryCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore')
- Use Jython list:
AdminTask.queryCACertificate(['-certificateAlias', 'newCertificate', '-keyStoreName', 'CellDefaultKeyStore'])
Interactive mode example usage:
- Use Jython:
AdminTask.queryCACertificate('-interactive')
receiveCertificate
Receive a signer certificate from a file to a personal certificate.
Target object: None.
Required parameters:
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
- -certificateFilePath
- The full path of the file containing the certificate. (String, required)
- -base64Encoded
- Set value to true if the certificate is ascii base 64 encoded. Set value to false if the certificate is binary. (Boolean, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Batch mode example usage:
- Use Jacl:
(Windows)
$AdminTask receiveCertificate {-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm}
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
$AdminTask receiveCertificate {-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm}
- Use Jython string:
(Windows)
AdminTask.receiveCertificate('[-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm]')
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
AdminTask.receiveCertificate('[-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm]')
- Use Jython list:
(Windows)
AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', 'c:/temp/CertFile.arm'])
(AIX) (HPUX) (iSeries) (Linux) (Solaris) (ZOS)
AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', '/temp/CertFile.arm'])
Interactive mode example usage:
- Use Jython:
AdminTask.receiveCertificate('-interactive')
renewCertificate
Renew a certificate with a new generated certificate.
Target object: None.
Required parameters:
- -keyStoreName
- Unique name that identifies the keystore. (String, required)
- -certificateAlias
- Unique name that identifies the certificate. (String, required)
Optional parameters:
- -keyStoreScope
- Scope of the keystore. (String, optional)
- -deleteOldSigners
- Set value to true to delete the old signer certificates during certificate replacement. Otherwise, set value to false. (Boolean, optional)
Return value. The command does not return output.
Batch mode example usage
- Use Jython string:
AdminTask.renewCertificate('-keyStoreName myKS -certificateAlias testCertificate')
- Use Jython list:
AdminTask.renewCertificate(['-keyStoreName', 'myKS', '-certificateAlias', 'testCertificate'])
Interactive mode example usage
- Use Jython:
AdminTask.renewCertificate('-interactive')
replaceCertificate
Replace a personal certificate with another personal certificate. The command finds each reference to the old certificate alias in the configuration and replaces the alias with the new one. The command also replaces each signer certificate from the old personal certificate with the signer from the new personal certificate.
Target object: None.
Required parameters and return values
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore. (String, required)
- -replacementCertificateAlias
- The alias of the certificate used to replace a different certificate. (String, required)
Optional parameters:
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -deleteOldCert
- Set value to true to delete the old certificates during certificate replacement. Otherwise, set value to false. (Boolean, optional)
- -deleteOldSigners
- Set value to true to delete the old signer certificates during certificate replacement. Otherwise, set value to false. (Boolean, optional)
Example output
The command does not return output.Examples
Batch mode example usage:
- Use Jacl:
$AdminTask replaceCertificate {-keyStoreName testKeyStore -certificateAlias default -replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true}
- Use Jython string:
AdminTask.replaceCertificate('[-keyStoreName testKeyStore -certificateAlias default -replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true]')
- Use Jython list:
AdminTask.replaceCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-replacementCertificateAlias', 'replaceCert', '-deleteOldCert', 'true', '-deleteOldSigners', 'true'])
Interactive mode example usage:
- Use Jython:
AdminTask.replaceCertificate('-interactive')
requestCACertificate
Create a certificate request and sends the request to a certificate authority (CA). If the certificate authority returns a personal certificate, then the returned certificate replaces the certificate request in the keystore. The command also works with a preexisting certificate request created with the createCertificateRequest command. When the CA returns a personal certificate, the system marks the certificate as COMPLETE and the command returns a message stating that the certificate is complete. If the CA does not return a personal certificate, then the system marks the certificate request as PENDING and the command returns a message stating that the certificate is PENDING.
To use the IBMi5OSKeyStore key store, verify that the signer for each part of the chain exists in the keystore before creating the new certificate. We must import the signer into the IBMi5OSKeyStore keystore before creating the new certificate. Target object: None.
Required parameters and return values
- -certificateAlias
- Alias of the certificate. We can specify a predefined certificate request. (String, required)
- -keyStoreName
- Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
- -caClientName
- Name of the CA client object that has been created and references a WSPKIClient implementation. Needed to communicate with a CA server. (String, required)
- -revocationPassword
- Password to use to revoke the certificate at a later date. (String, required)
Optional parameters:
- -keyStoreScope
- Management scope of the keystore. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
- -caClientScope
- Management scope of the CA client. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
- -certificateCommonName
- Common name (CN) part of the full distinguished name (DN) of the certificate. This common name can represent a person, company, or machine. For websites, the common name is frequently the DNS host name where the server resides. (String, optional)
- -certificateOrganization
- Organization part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateOrganizationalUnity
- Organization unit part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateLocality
- Locality part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateState
- State part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateZip
- The zip code part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateCountry
- Country part of the full distinguished name (DN) of the certificate. (String, optional)
- -certificateSize
- Size of the certificate key. The valid values are 512, 1024, 2048, 4096, and 8192. The default is 2048. (String, optional)
Example output
The command returns one of two values: Certificate COMPLETE or certificate PENDING.
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask requestCACertificate {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore -CAClientName myCAClient -revocationPassword revokeCApw}
- Use Jython string:
AdminTask.requestCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore -CAClientName myCAClient -revocationPassword revokeCApw')
- Use Jython list:
AdminTask.requestCACertificate(['-certificateAlias','newCertificate','-keyStoreName', 'CellDefaultKeyStore','-CAClientName','myCAClient','-revocationPassword', 'revokeCApw'])
Interactive mode example usage:
- Use Jython:
AdminTask.requestCACertificate('-interactive')
revokeCACertificate
Send a request to the CA to revoke the CA personal certificate of interest.
Target object: None.
Required parameters and return values
- -certificateAlias
- Unique name that identifies the CA personal certificate object and the alias name of the certificate in the keystore. (String, required)
- -keyStoreName
- Name of the keystore where the CA personal certificate is stored. (String, required)
- -revocationPassword
- Password needed to revoke the certificate. This is the same password that was provided when the certificate was created. (String, required)
Optional parameters:
- -keyStoreScope
- Management scope of the keystore. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
- -revocationReason
- Reason for revoking the certificate of interest. The default value for this parameter is unspecified. (String, optional)
Example output
The command does not return output. Use the getCertificate command to view the current status of the certificate:AdminTask.getCertificate('-certificateAlias myCertificate -keyStoreName CellDefaultKeyStore')
Examples
Batch mode example usage:
- Use Jacl:
$AdminTask revokeCACertificate {-keyStoreName CellDefaultKeyStore -certificateAlias myCertificate -revocationPassword pw4revoke}
- Use Jython string:
AdminTask.revokeCACertificate('[-keyStoreName CellDefaultKeyStore -certificateAlias myCertificate -revocationPassword pw4revoke]')
- Use Jython list:
AdminTask.revokeCACertificate(['-keyStoreName', 'CellDefaultKeyStore', '-certificateAlias', 'myCertificate', '-revocationPassword', 'pw4revoke'])
Interactive mode example usage:
- Use Jython:
AdminTask.revokeCACertificate('-interactive')
Create self-signed certificates using scripting Add a signer certificate to a keystore wsadmin AdminTask Configure security with scripting ManagementScopeCommands Use wsadmin scripting with Jython