SSLConfigCommands command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties. The SSLConfigCommands command group for the AdminTask object includes the following commands:

• createSSLConfig

• createSSLConfigProperty

• deleteSSLConfig

• getSSLConfig

• getSSLConfigProperties

• listSSLCiphers

• listSSLConfig

• listSSLConfigProperties

• modifySSLConfig

createSSLConfig

The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make the SSL connections.

Target object None.

Required parameters and return values

-alias

The name of the alias. (String, required)

-scopeName

The name of the scope. (String, optional)

-clientKeyAlias

The certificate alias name for the client. (String, optional)

-serverKeyAlias

The certificate alias name for the server. (String, optional)

-type

The type of SSL configuration. (String, optional)

-clientAuthentication

Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-securityLevel

The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)

-enabledCiphers

A list of ciphers used during SSL handshake. (String, optional)

-jsseProvider

One of the JSSE providers. (String, optional)

-clientAuthenticationSupported

Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-sslProtocol

The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)

-trustManagerObjectName

A list of trust managers separated by commas. (String, optional)

-trustStoreNames

The key store that holds trust information used to validate the trust from remote connections. (String, required)

-trustStoreScopeName

The management scope name of the trust store. (String, optional)

-keyStoreName

The key store that holds the personal certificates that provide identity for the connection. (String, required)

-keyStoreScopeName

The management scope name of the key store. (String, optional)

-ssslKeyRingName

Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)

• Returns: The configuration object name of the SSL configuration object that you created.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask createSSLConfig {-alias testSSLCfg  -clientKeyAlias key1 -serverKeyAlias
  key2 -trustStoreName trustKS –keyStoreName  testKS -keyManagerName testKeyMgr}

• Using Jython string:

  AdminTask.createSSLConfig ('[-alias testSSLCfg  -clientKeyAlias key1 -serverKeyAlias 
  key2 -trustStoreName trustKS –keyStoreName  testKS -keyManagerName testKeyMgr]')

• Using Jython list:

  AdminTask.createSSLConfig (['-alias', 'testSSLCfg', '-clientKeyAlias', 
  'key1', '-serverKeyAlias', 'key2', '-trustStoreName', 'trustKS', 
  '–keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask createSSLConfig {-interactive}

• Using Jython string:

  AdminTask.createSSLConfig ('[-interactive]')

• Using Jython list:

  AdminTask.createSSLConfig (['-interactive'])

createSSLConfigProperty

The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.

Target object None.

Required parameters and return values

-sslConfigAliasName

The alias name of the SSL configuration. (String, required)

-scopeName

The name of the scope. (String, optional)

-propertyName

The name of the property. (String, required)

-propertyValue

The value of the property. (String, required)

• Returns: None.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName 
  test.property -propertyValue testValue}

• Using Jython string:

  AdminTask.createSSLConfigProperty ('[-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName 
  test.property -propertyValue testValue]')

• Using Jython list:

  AdminTask.createSSLConfigProperty (['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
  '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 
  'test.property', '-propertyValue', 'testValue'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask createSSLConfigProperty {-interactive}

• Using Jython string:

  AdminTask.createSSLConfigProperty ('[-interactive]')

• Using Jython list:

  AdminTask.createSSLConfigProperty (['-interactive'])

deleteSSLConfig

The deleteSSLConfig command deletes the SSL configuration object that you specify from the configuration.

Target object None.

Required parameters and return values

-alias

The name of the alias. (String, required)

-scopeName

The name of the scope. (String, optional)

• Returns: None.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01}

• Using Jython string:

  AdminTask.deleteSSLConfig ('[-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01]')

• Using Jython list:

  AdminTask.deleteSSLConfig (['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask deleteSSLConfig {-interactive}

• Using Jython string:

  AdminTask.deleteSSLConfig ('[-interactive]')

• Using Jython list:

  AdminTask.deleteSSLConfig (['-interactive'])

getSSLConfig

The getSSLConfig command obtains information about an SSL configuration and displays the settings.

Target object None.

Required parameters and return values

-alias

The name of the alias. (String, required)

-scopeName

The name of the scope. (String, optional)

• Returns: Information about the SSL configuration that you specified.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01 }

• Using Jython string:

  AdminTask.getSSLConfig ('[-alias NodeDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01]')

• Using Jython list:

  AdminTask.getSSLConfig (['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask getSSLConfig {-interactive}

• Using Jython string:

  AdminTask.getSSLConfig ('[-interactive]')

• Using Jython list:

  AdminTask.getSSLConfig (['-interactive'])

getSSLConfigProperties

The getSSLConfigProperties command obtains information about SSL configuration properties.

Target object None.

Required parameters and return values

-alias

The name of the alias. (String, required)

-scopeName

The name of the scope. (String, optional)

• Returns: Information about SSL configuration properties.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01}

• Using Jython string:

  AdminTask.getSSLConfigProperties ('[-sslConfigAliasName NodeDefaultSSLSettings 
  -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')

• Using Jython list:

  AdminTask.getSSLConfigProperties (['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
  '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask getSSLConfigProperties {-interactive}

• Using Jython string:

  AdminTask.getSSLConfigProperties ('[-interactive]')

• Using Jython list:

  AdminTask.getSSLConfigProperties (['-interactive'])

listSSLCiphers

The listSSLCiphers command lists the SSL ciphers.

Target object None.

Required parameters and return values

-sslConfigAliasName

The alias name of the SSL configuration. (String, required)

-scopeName

The name of the scope. (String, optional)

-securityLevel

The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)

-provider

(String, optional)

• Returns: A list of SSL ciphers.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg -securityLevel HIGH}

• Using Jython string:

  AdminTask.listSSLCiphers ('[-sslConfigAliasName testSSLCfg -securityLevel HIGH]')

• Using Jython list:

  AdminTask.listSSLCiphers (['-sslConfigAliasName', 'testSSLCfg', '-securityLevel', 'HIGH'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask listSSLCiphers {-interactive}

• Using Jython string:

  AdminTask.listSSLCiphers ('[-interactive]')

• Using Jython list:

  AdminTask.listSSLCiphers (['-interactive'])

listSSLConfig

The listSSLConfig command lists the defined SSL configurations within a management scope.

Target object None.

Required parameters and return values

-scopeName

The name of the scope. (String, optional)

-displayObjectName

Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

• Returns: A list of defined SSL configurations.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask listSSLConfig {-scopeName (cell): localhostNode01Cell:(node):localhostNode01 
  -displayObjectName true}

• Using Jython string:

  AdminTask.listSSLConfig('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 
  -displayObjectName true]')

• Using Jython list:

  AdminTask.listSSLConfig(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', 
  '-displayObjectName', 'true'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask listSSLConfig {-interactive}

• Using Jython string:

  AdminTask.listSSLConfig('[-interactive]')

• Using Jython list:

  AdminTask.listSSLConfig(['-interactive'])

listSSLConfigProperties

The listSSLConfigProperties command lists the properties for a SSL configuration.

Target object None.

Required parameters and return values

-sslConfigAliasName

The alias name of the SSL configuration. (String, required)

-scopeName

The name of the scope. (String, optional)

-displayObjectName

Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

• Returns: A list of properties.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask listSSLConfigProperty {-alias No deDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}

• Using Jython string:

  AdminTask.listSSLConfigProperty('[-alias No deDefaultSSLSettings -scopeName 
  (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')

• Using Jython list:

  AdminTask.listSSLConfigProperty(['-alias', 'No', 'deDefaultSSLSettings', '-scopeName', 
  '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask listSSLConfigProperties {-interactive}

• Using Jython string:

  AdminTask.listSSLConfigProperties('[-interactive]')

• Using Jython list:

  AdminTask.listSSLConfigProperties(['-interactive'])

modifySSLConfig

The modifySSLConfig command modifies the settings of an existing SSL configuration.

Target object None.

Required parameters and return values

-alias

The name of the alias. (String, required)

-scopeName

The name of the scope. (String, optional)

-clientKeyAlias

The certificate alias name for the client. (String, optional)

-serverKeyAlias

The certificate alias name for the server. (String, optional)

-type

The type of SSL configuration. (String, optional)

-clientAuthentication

Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-securityLevel

The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, optional)

-enabledCiphers

A list of ciphers used during SSL handshake. (String, optional)

-jsseProvider

One of the JSSE providers. (String, optional)

-clientAuthenticationSupported

Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)

-sslProtocol

The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)

-trustManagerObjectNames

A list of trust managers separated by commas. (String, optional)

-trustStoreName

The key store that holds trust information used to validate the trust from remote connections. (String, optional)

-trustStoreScopeName

The management scope name of the trust store. (String, optional)

-keyStoreName

The key store that holds the personal certificates that provide identity for the connection. (String, optional)

-keyStoreScopeName

The management scope name of the key store. (String, optional)

-ssslKeyRingName

Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)

• Returns: None.

Examples

Batch mode example usage:

• Using Jacl:

  $AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 
  -serverKeyAlias tstKey2 -securityLevel LOW}

• Using Jython string:

  AdminTask.modifySSLConfig ('[-alias testSSLCfg -clientKeyAlias tstKey1 
  -serverKeyAlias tstKey2 -securityLevel LOW]')

• Using Jython list:

  AdminTask.modifySSLConfig (['-alias', 'testSSLCfg', '-clientKeyAlias', 
  'tstKey1', '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])

Interactive mode example usage:

• Using Jacl:

  $AdminTask modifySSLConfig {-interactive}

• Using Jython string:

  AdminTask.modifySSLConfig ('[-interactive]')

• Using Jython list:

  AdminTask.modifySSLConfig (['-interactive'])

Related tasks

Related Reference

Reference topic