You can use the Jython or Jacl scripting languages to configure
security with the wsadmin tool. The commands and parameters in the
PersonalCertificateCommands group can be used to create and manage
personal or signer certificates.
The PersonalCertificateCommands command group for the AdminTask
object includes the following commands:
createSelfSignedCertificate
The createSelfSignedCertificate command
creates a personal certificate in a keystore.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
- -certificateVersion
- The version of the certificate. (String, required)
- -certificateSize
- The size of the certificate. (Integer, required)
- -certificateCommonName
- The common name of the certificate. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -certificateOrganization
- The organization of the certificate. (String, optional)
- -certificateOrganizationalUnit
- The organizational unit of the certificate. (String, optional)
- -certificateLocality
- The locality of the certificate. (String, optional)
- -certificateState
- The state of the certificate. (String, optional)
- -certificateZip
- The zip code of the certificate. (String, optional)
- -certificateCountry
- The country of the certificate. (String, optional)
- -certificateValidDays
- The amount of time in days for which the certificate is valid.
(Integer, optional)
Example output
The
command does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask createSelfSignedCertificate {-keyStoreName testKeyStore -certificateAlias
default -certificateCommonName localhost -certificateOrganization ibm}
- Using Jython string:
AdminTask.createSelfSignedCertificate('[-keyStoreName testKeyStore -certificateAlias
default -certificateCommonName localhost -certificateOrganization ibm]')
- Using Jython list:
AdminTask.createSelfSignedCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias',
'default', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask createSelfSignedCertificate {-interactive}
- Using Jython string:
AdminTask.createSelfSignedCertificate ('[-interactive]')
- Using Jython list:
AdminTask.createSelfSignedCertificate (['-interactive'])
deleteCertificate
The deleteCertificate command
deletes a personal certificate from a keystore.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The
command does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask deleteCertificate {-interactive}
- Using Jython string:
AdminTask.deleteCertificate ('[-interactive]')
- Using Jython list:
AdminTask.deleteCertificate (['-interactive'])
exportCertificate
The exportCertificate command
exports a personal certificate from one keystore to another.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -keyStorePassword
- The password to the keystore. (String, required)
- -keyFilePath
- The full path to a keystore file that is located in a file system.
The store from where a certificate will be imported or exported. (String,
required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -aliasInKeyStore
- (String, optional)
Example output
The
command does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask exportCertificate {-interactive}
- Using Jython string:
AdminTask.exportCertificate ('[-interactive]')
- Using Jython list:
AdminTask.exportCertificate (['-interactive'])
extractCertificate
The extractCertificate command
extracts the signer part of a personal certificate to a file.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
- -certificateFilePath
- The full path of the request file that contains the certificate.
(String, required)
- -base64Encoded
- Set the value of this parameter to true if the certificate
is a Base64 encoded ASCII file type. Set the value of this parameter
to false if the certificate is binary. (Boolean, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The
command does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath
c:/temp/CertFile.arm -certificateAlias testCertificate}
- Using Jython string:
AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath
c:/temp/CertFile.arm -certificateAlias testCertificate]')
- Using Jython list:
AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath',
'c:/temp/CertFile.arm', '-certificateAlias', 'testCertificate'])
Interactive mode example usage:
- Using Jacl:
$AdminTask extractCertificate {-interactive}
- Using Jython string:
AdminTask.extractCertificate ('[-interactive]')
- Using Jython list:
AdminTask.extractCertificate (['-interactive'])
getCertificate
The getCertificate command
obtains information about a particular personal certificate in a keystore.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The
command returns information about the certificate request.
Examples
Interactive mode example
usage:
- Using Jacl:
$AdminTask getCertificate {-interactive}
- Using Jython string:
AdminTask.getCertificate ('[-interactive]')
- Using Jython list:
AdminTask.getCertificate (['-interactive'])
importCertificate
The importCertificate command
imports a personal certificate from a keystore.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -keyFilePath
- The full path to a keystore file that is located in a file system.
The store from where a certificate will be imported or exported. (String,
required)
- -keyFilePassword
- The password to the keystore file. (String, required)
- -keyFileType
- The type of the key file. (String, required)
- -certificateAliasFromKeyFile
- The certificate alias in the key file from which the certificate
is being imported. (String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The
command does not return output.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask importCertificate {-interactive}
- Using Jython string:
AdminTask.importCertificate ('[-interactive]')
- Using Jython list:
AdminTask.importCertificate (['-interactive'])
listPersonalCertificates
The listPersonalCertificates command
lists the personal certificates in a particular keystore.
Target object
None.
Required parameters and return values
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
The value of this field is not a path to the keystore file. (String,
required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. To obtain a list of the keystore
scope values, see the listManagementScopes command,
which is part of the ManagementScopeCommands command
group. (String, optional)
Example output
The
command returns a list of attributes for each personal certificate
in a keystore.
Examples
Interactive
mode example usage:
- Using Jacl:
$AdminTask listPersonalCertificates {-interactive}
- Using Jython string:
AdminTask.listPersonalCertificates ('[-interactive]')
- Using Jython list:
AdminTask.listPersonalCertificates (['-interactive'])
receiveCertificate
The receiveCertificate command
receives a signer certificate from a file to a personal certificate.
Target object
None.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
- -certificateFilePath
- The full path of the file that contains the certificate. (String,
required)
- -base64Encoded
- Set the value of this parameter to true if the certificate
is ascii base 64 encoded. Set the value of this parameter to false if
the certificate is binary. (Boolean, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
Example output
The
command does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask receiveCertificate {-keyStoreName testKeyStore
-certificateFilePath c:\temp\CertFile.arm}
- Using Jython string:
AdminTask.receiveCertificate('[-keyStoreName testKeyStore
-certificateFilePath c:/temp/CertFile.arm]')
- Using Jython list:
AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore',
'-certificateFilePath', 'c:/temp/CertFile.arm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask receiveCertificate {-interactive}
- Using Jython string:
AdminTask.receiveCertificate ('[-interactive]')
- Using Jython list:
AdminTask.receiveCertificate (['-interactive'])
replaceCertificate
The replaceCertificate command
replaces a personal certificate with a new one. Replaces all signer
certificates from the personal certificate.
Target object
None.
Required parameters and return values
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -certificateAlias
- The name that uniquely identifies the certificate request in a
keystore. (String, required)
- -replacementCertificateAlias
- The alias of the certificate that is used to replace a different
certificate. (String, required)
Optional parameters
- -keyStoreScope
- The scope name of the keystore. (String, optional)
- -deleteOldCert
- Set the value of this parameter to true if you want to
delete the old signer certificates during certificate replacement.
Otherwise, set the value of this parameter to false. (Boolean,
optional)
- -deleteOldSigners
- Set the value of this parameter to true if you want to
delete the old certificates during certificate replacement. Otherwise,
set the value of this parameter to false. (Boolean, optional)
Example output
The
command does not return output.
Examples
Batch
mode example usage:
- Using Jacl:
$AdminTask replaceCertificate {-keyStoreName testKeyStore -certificateAlias default
-replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true}
- Using Jython string:
AdminTask.replaceCertificate('[-keyStoreName testKeyStore -certificateAlias default
-replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true]')
- Using Jython list:
AdminTask.replaceCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias',
'default', '-replacementCertificateAlias', 'replaceCert', '-deleteOldCert', 'true',
'-deleteOldSigners', 'true'])
Interactive mode example usage:
- Using Jacl:
$AdminTask replaceCertificate {-interactive}
- Using Jython string:
AdminTask.replaceCertificate ('[-interactive]')
- Using Jython list:
AdminTask.replaceCertificate (['-interactive'])