SignerCertificateCommands

Use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands in the SignerCertificateCommands group can be used to create and modify signer certificates in relation to the key store file and to query for signer information on ports of remote hosts.

The SignerCertificateCommands commands include:

1. addSignerCertificate
2. deleteSignerCertificate
3. extractSignerCertificate
4. getSignerCertificate
5. listSignerCertificates
6. retrieveSignerFromPort
7. retrieveSignerInfoFromPort

addSignerCertificate

Add a signer certificate from a certificate file to a keystore.

Target object: None.

Required parameters:

-keyStoreName	Name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias	Name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateFilePath	Full path of the request file containing the certificate. (String, required)
-base64Encoded	That the certificate is a Base64 encoded ASCII data file type if the value is set to true. Set value to false if the certificate is a binary DER data file type. (Boolean, required)

Optional parameters:

-keyStoreScope

Scope name of the keystore. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask addSignerCertificate {-keyStoreName testKeyStore -certificateAlias default -certificateFilePath <file path> -base64Encoded true}

• Jython string:
  AdminTask.addSignerCertificate('[-keyStoreName testKeyStore -certificateAlias default -certificateFilePath <file path> -base64Encoded true]')

• Jython list:
  AdminTask.addSignerCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-certificateFilePath', '<file path>', '-base64Encoded', 'true'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask addSignerCertificate {-interactive}

• Jython string:
  AdminTask.addSignerCertificate ('[-interactive]')

deleteSignerCertificate

Delete a signer certificate from a certificate file from a keystore.

Target object: None.

Required parameters:

-keyStoreName	Name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias	Name that uniquely identifies the certificate request in a keystore. (String, required)

Optional parameters:

-keyStoreScope

Scope name of the keystore. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask deleteSignerCertificate {-keyStoreName testKeyStore -certificateAlias default}

• Jython string:
  AdminTask.deleteSignerCertificate('[-keyStoreName testKeyStore -certificateAlias default]')

• Jython list:
  AdminTask.deleteSignerCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask deleteSignerCertificate {-interactive}

• Jython string:
  AdminTask.deleteSignerCertificate ('[-interactive]')

extractSignerCertificate

Extract a signer certificate from a key store to a file.

Target object: None

Parameters and return values

-keyStoreName	The name of the key store where the signer certificate is located. (String, required)
-keyStoreScope	The management scope of the key store. (String, optional)
-certificateAlias	The alias name of the signer certificate in the key store. (String, required)
-certificateFilePath	The full path name of the file containing the signer certificate. (String, required)
-base64Encoded	Set value to true if the certificate is ascii base 64 encoded. Set value to false if the certificate is binary. (String, required)

Examples

Interactive mode example usage:

• Use Jacl:
  $AdminTask extractSignerCertificate {-interactive}

• Jython string:
  AdminTask.extractSignerCertificate ('[-interactive]')

• Jython list:
  AdminTask.extractSignerCertificate (['-interactive'])

getSignerCertificate

Obtain information about a signer certificate from a key store.

Target object: None

Parameters and return values

-keyStoreName	The name of the key store where the signer certificate is located. (String, required)
-keyStoreScope	The management scope of the key store. (String, optional)
-certificateAlias	The alias name of the signer certificate in the key store. (String, required)

Examples

Interactive mode example usage:

• Use Jacl:
  $AdminTask getSignerCertificate {-interactive}

• Jython string:
  AdminTask.getSignerCertificate ('[-interactive]')

• Jython list:
  AdminTask.getSignerCertificate (['-interactive'])

listSignerCertificates

List all signer certificates in a particular key store.

Target object: None

Parameters and return values

-keyStoreName	The name of the key store where the signer certificate is located. (String, required)
-keyStoreScope	The management scope of the key store. (String, optional)

Examples

Interactive mode example usage:

• Use Jacl:
  $AdminTask listSignerCertificates {-interactive}

• Jython string:
  AdminTask.listSignerCertificates ('[-interactive]')

• Jython list:
  AdminTask.listSignerCertificates (['-interactive'])

retrieveSignerFromPort

Retrieve a signer from a remote host and stores the signer in a key store. The command will retrieve the root certificate information from the certificate chain on the port. To retrieve the leaf certificate users can set the security customer property com.ibm.websphere.ssl.retrieveLeafCert to true

Target object: None

Parameters and return values

-host	The host name of the system from where the signer certificate will be retrieved. (String, required)
-port	The port of the remote system from where the signer certificate will be retrieved. (Integer, required)
-certificateAlias	Unique name to identify a certificate. (String, required)
-keyStoreName	The name of the key store where the signer certificate is located. (String, required)
-keyStoreScope	The management scope of the key store. (String, optional)
-sslConfigName	The name of the SSL configuration object. (String, optional)
-sslConfigScopeName	The management scope where the SSL configuration object is located. (String, optional)

Examples

Batch mode example usage:

• Use Jacl:
  $AdminTask retrieveSignerFromPort {-host serverHost -port 443 -keyStoreName testKeyStore -certificateAlias serverHostSigner}

• Jython string:
  AdminTask.retrieveSignerFromPort ('[-host serverHost -port 443 -keyStoreName testKeyStore -certificateAlias serverHostSigner]')

• Jython list:
  AdminTask.retrieveSignerFromPort (['-host', 'serverHost', '-port', '443', '-keyStoreName', 'testKeyStore', '-certificateAlias', 'serverHostSigner'])

Interactive mode example usage:

• Use Jacl:
  $AdminTask retrieveSignerFromPort {-interactive}

• Jython string:
  AdminTask.retrieveSignerFromPort ('[-interactive]')

• Jython list:
  AdminTask.retrieveSignerFromPort (['-interactive'])

retrieveSignerInfoFromPort

Retrieve signer information from a port on a remote host. The command will retrieve the root certificate information from the certificate chain on the port. To retrieve the leaf certificate users can set the security customer property com.ibm.websphere.ssl.retrieveLeafCert to true

Target object: None

Parameters and return values

-host	The host name of the system from where the signer certificate will be retrieved. (String, required)
-port	The port of the remote system from where the signer certificate will be retrieved. (Integer, required)
-sslConfigName	The name of the SSL configuration object. (String, optional)
-sslConfigScopeName	The management scope where the SSL configuration object is located. (String, optional)

Examples

Interactive mode example usage:

• Use Jacl:
  $AdminTask retrieveSignerInfoFromPort {-interactive}

• Jython string:
  AdminTask.retrieveSignerInfoFromPort ('[-interactive]')

• Jython list:
  AdminTask.retrieveSignerInfoFromPort (['-interactive'])

wsadmin AdminTask

Commands for the AdminTask object