You can use the Jython or Jacl scripting languages to configure
security with the wsadmin tool. The commands and parameters in the PersonalCertificateCommands
group can be used to create and manage personal or signer certificates.
The PersonalCertificateCommands command group for the AdminTask object
includes the following commands:
createSelfSignedCertificate
The createSelfSignedCertificate command creates a personal certificate in a keystore.
Target
object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
- -certificateVersion
- The version of the certificate. (String, required)
- -certificateSize
- The size of the certificate. (Integer, required)
- -certificateCommonName
- The common name of the certificate. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -certificateOrganization
- The organization of the certificate. (String, optional)
- -certificateOrganizationalUnit
- The organizational unit of the certificate. (String, optional)
- -certificateLocality
- The locality of the certificate. (String, optional)
- -certificateState
- The state of the certificate. (String, optional)
- -certificateZip
- The zip code of the certificate. (String, optional)
- -certificateCountry
- The country of the certificate. (String, optional)
- -certificateValidDays
- The amount of time in days for which the certificate is valid. (Integer,
optional)
Example output
The command
does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask createSelfSignedCertificate {-keyStoreName testKeyStore -certificateAlias
default -certificateCommonName localhost -certificateOrganization ibm}
- Using Jython string:
AdminTask.createSelfSignedCertificate('[-keyStoreName testKeyStore -certificateAlias
default -certificateCommonName localhost -certificateOrganization ibm]')
- Using Jython list:
AdminTask.createSelfSignedCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias',
'default', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask createSelfSignedCertificate {-interactive}
- Using Jython string:
AdminTask.createSelfSignedCertificate ('[-interactive]')
- Using Jython list:
AdminTask.createSelfSignedCertificate (['-interactive'])
deleteCertificate
The deleteCertificate command
deletes a personal certificate from a keystore.
Target
object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask deleteCertificate {-interactive}
- Using Jython string:
AdminTask.deleteCertificate ('[-interactive]')
- Using Jython list:
AdminTask.deleteCertificate (['-interactive'])
exportCertificate
The exportCertificate command
exports a personal certificate from one keystore to another.
Target
object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -keyStorePassword
- The password to the keystore. (String, required)
- -keyFilePath
- The full path to a keystore file that is located in a file system. The
store from where a certificate will be imported or exported. (String, required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -aliasInKeyStore
- (String, optional)
Example output
The command
does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask exportCertificate {-interactive}
- Using Jython string:
AdminTask.exportCertificate ('[-interactive]')
- Using Jython list:
AdminTask.exportCertificate (['-interactive'])
extractCertificate
The extractCertificate command
extracts the signer part of a personal certificate to a file.
Target
object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
- -certificateFilePath
- The full path of the request file that contains the certificate. (String,
required)
- -base64Encoded
- Set the value of this parameter to true if the certificate is
a Base64 encoded ASCII file type. Set the value of this parameter to false if
the certificate is binary. (Boolean, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath
c:\temp\CertFile.arm -certificateAlias testCertificate}
- Using Jython string:
AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath
c:\temp\CertFile.arm -certificateAlias testCertificate]')
- Using Jython list:
AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath',
'c:\temp\CertFile.arm', '-certificateAlias', 'testCertificate'])
Interactive mode example usage:
- Using Jacl:
$AdminTask extractCertificate {-interactive}
- Using Jython string:
AdminTask.extractCertificate ('[-interactive]')
- Using Jython list:
AdminTask.extractCertificate (['-interactive'])
getCertificate
The getCertificate command
obtains information about a particular personal certificate in a keystore.
Target object
None.
Required
parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
returns information about the certificate request.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask getCertificate {-interactive}
- Using Jython string:
AdminTask.getCertificate ('[-interactive]')
- Using Jython list:
AdminTask.getCertificate (['-interactive'])
importCertificate
The importCertificate command
imports a personal certificate from a keystore.
Target
object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -keyFilePath
- The full path to a keystore file that is located in a file system. The
store from where a certificate will be imported or exported. (String, required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAliasFromKeyFile
- The certificate alias in the key file from which the certificate is being
imported. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask importCertificate {-interactive}
- Using Jython string:
AdminTask.importCertificate ('[-interactive]')
- Using Jython list:
AdminTask.importCertificate (['-interactive'])
listPersonalCertificates
The listPersonalCertificates command lists the personal certificates in a particular keystore.
Target object
None.
Required
parameters and return values
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
returns a list of attributes for each personal certificate in a keystore.
Examples
Interactive mode example usage:
- Using Jacl:
$AdminTask listPersonalCertificates {-interactive}
- Using Jython string:
AdminTask.listPersonalCertificates ('[-interactive]')
- Using Jython list:
AdminTask.listPersonalCertificates (['-interactive'])
receiveCertificate
The receiveCertificate command
receives a signer certificate from a file to a personal certificate.
Target object
None.
Required
parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
- -certificateFilePath
- The full path of the file that contains the certificate. (String, required)
- -base64Encoded
- Set the value of this parameter to true if the certificate is
ascii base 64 encoded. Set the value of this parameter to false if
the certificate is binary. (Boolean, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The command
does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask receiveCertificate {-keyStoreName testKeyStore
-certificateFilePath c:\temp\CertFile.arm}
- Using Jython string:
AdminTask.receiveCertificate('[-keyStoreName testKeyStore
-certificateFilePath c:\temp\CertFile.arm]')
- Using Jython list:
AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore',
'-certificateFilePath', 'c:\temp\CertFile.arm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask receiveCertificate {-interactive}
- Using Jython string:
AdminTask.receiveCertificate ('[-interactive]')
- Using Jython list:
AdminTask.receiveCertificate (['-interactive'])
replaceCertificate
The replaceCertificate command
replaces a personal certificate with a new one. Replaces all signer certificates
from the personal certificate.
Target object
None.
Required parameters and return values
- -keyStoreName
- The name that uniquely identifies the keystore configuration object. (String,
required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a keystore.
(String, required)
- -replacementCertificateAlias
- The alias of the certificate that is used to replace a different certificate.
(String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -deleteOldCert
- Set the value of this parameter to true if you want to delete
the old signer certificates during certificate replacement. Otherwise, set
the value of this parameter to false. (Boolean, optional)
- -deleteOldSigners
- Set the value of this parameter to true if you want to delete
the old certificates during certificate replacement. Otherwise, set the value
of this parameter to false. (Boolean, optional)
Example output
The command
does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask replaceCertificate {-keyStoreName testKeyStore -certificateAlias default
-replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true}
- Using Jython string:
AdminTask.replaceCertificate('[-keyStoreName testKeyStore -certificateAlias default
-replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true]')
- Using Jython list:
AdminTask.replaceCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias',
'default', '-replacementCertificateAlias', 'replaceCert', '-deleteOldCert', 'true',
'-deleteOldSigners', 'true'])
Interactive mode example usage:
- Using Jacl:
$AdminTask replaceCertificate {-interactive}
- Using Jython string:
AdminTask.replaceCertificate ('[-interactive]')
- Using Jython list:
AdminTask.replaceCertificate (['-interactive'])