You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.
The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make the SSL connections.
Target object
None.
Required parameters
Optional parameters
Example output
The command returns the configuration object name of the new SSL configuration object.
$AdminTask createSSLConfig {-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS -keyStoreName testKS -keyManagerName testKeyMgr}
AdminTask.createSSLConfig('[-alias testSSLCfg -clientKeyAlias key1 -serverKeyAlias key2 -trustStoreNames trustKS -keyStoreName testKS -keyManagerName testKeyMgr]')
AdminTask.createSSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'key1', '-serverKeyAlias', 'key2', '-trustStoreNames', 'trustKS', '-keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
$AdminTask createSSLConfig {-interactive}
AdminTask.createSSLConfig('-interactive')
The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.
Target object
None.
Required parameters
Optional parameters
Example output
The command does not return output.
$AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue}
AdminTask.createSSLConfigProperty('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName test.property -propertyValue testValue]')
AdminTask.createSSLConfigProperty(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 'test.property', '-propertyValue', 'testValue'])
$AdminTask createSSLConfigProperty {-interactive}
AdminTask.createSSLConfigProperty('-interactive')
The deleteSSLConfig command deletes the SSL configuration object that you specify from the configuration.
Target object
None.
Required parameters and return values
Optional parameters
Example output
The command does not return output.
$AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
AdminTask.deleteSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
AdminTask.deleteSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
$AdminTask deleteSSLConfig {-interactive}
AdminTask.deleteSSLConfig('-interactive')
The getInheritedSSLConfig command returns the SSL configuration alias and certificate alias from which a given management scope and direction inherits its SSL configuration information. This command only returns inheritance information; it does not return information about an SSL configuration that is effective for a given scope.
Target object
None.
Required parameters and return values
Optional parameters
None.
Example output
The command returns the SSL configuration alias and certificate alias from which the specified management scope and direction inherits its SSL configuration information.
$AdminTask getInheritedSSLConfig {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound}
CellDefaultSSLSettings,null
AdminTask.getInheritedSSLConfig('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound]')
CellDefaultSSLSettings,null
The getSSLConfig command obtains information about an SSL configuration and displays the settings.
Target object
None.
Required parameters and return values
Optional parameters
The command returns information about the SSL configuration of interest.
$AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
AdminTask.getSSLConfig('[-alias NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
AdminTask.getSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
$AdminTask getSSLConfig {-interactive}
AdminTask.getSSLConfig('-interactive')
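An added example, not part of the original reference: a Jython audit helper for wsadmin that reads a configuration with getSSLConfig and reports a securityLevel or protocol outside site policy. The "[name value]" return format, the sslProtocol key, the HIGH/TLSv1.2 policy, StubAdminTask and the sample strings are assumptions constructed for illustration; inside wsadmin, pass the real AdminTask object as admin_task.

```python
import re

# Assumption: getSSLConfig returns one string of "[name value]" pairs in Jython.
PAIR = re.compile(r'\[(\w+) ([^\[\]]*)\]')
REQUIRED_LEVEL = 'HIGH'             # assumed site policy
ALLOWED_PROTOCOLS = ('TLSv1.2',)    # assumed site policy

def parse_ssl_config(raw):
    """Turn the getSSLConfig return string into a dict of settings."""
    settings = {}
    for name, value in PAIR.findall(raw):
        settings[name] = value.strip()
    return settings

def audit_ssl_config(admin_task, alias, scope):
    """Return a list of findings for one SSL configuration; empty means clean."""
    cfg = parse_ssl_config(
        admin_task.getSSLConfig(['-alias', alias, '-scopeName', scope]))
    findings = []
    # A missing key is reported rather than treated as compliant, so a
    # format mismatch cannot silently pass the audit.
    for key, ok in (('securityLevel', (REQUIRED_LEVEL,)),
                    ('sslProtocol', ALLOWED_PROTOCOLS)):
        value = cfg.get(key)
        if value is None:
            findings.append('%s not reported' % key)
        elif value not in ok:
            findings.append('%s is %s, allowed: %s' % (key, value, ', '.join(ok)))
    return findings

class StubAdminTask:
    """Constructed stand-in for AdminTask so the helper runs outside wsadmin."""
    def __init__(self, outputs):
        self.outputs = outputs
    def getSSLConfig(self, args):
        return self.outputs[args[1]]   # args[1] is the alias value

SCOPE = '(cell):localhostNode01Cell:(node):localhostNode01'
SAMPLE = {  # constructed return strings, not captured from a real cell
    'testSSLCfg': '[ [alias testSSLCfg] [securityLevel LOW] '
                  '[sslProtocol SSL_TLS] [keyStoreName testKS] ]',
    'strictCfg': '[ [alias strictCfg] [securityLevel HIGH] '
                 '[sslProtocol TLSv1.2] [keyStoreName testKS] ]',
}

if __name__ == '__main__':
    stub = StubAdminTask(SAMPLE)
    for alias in ('testSSLCfg', 'strictCfg'):
        print('%s: %s' % (alias, audit_ssl_config(stub, alias, SCOPE) or 'ok'))
```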
The getSSLConfigProperties command obtains information about SSL configuration properties.
Target object
None.
Required parameters and return values
Optional parameters
Example output
The command returns additional information about the SSL configuration properties.
$AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
AdminTask.getSSLConfigProperties('[-sslConfigAliasName NodeDefaultSSLSettings -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
AdminTask.getSSLConfigProperties(['-sslConfigAliasName', 'NodeDefaultSSLSettings', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
$AdminTask getSSLConfigProperties {-interactive}
AdminTask.getSSLConfigProperties('-interactive')
The listSSLCiphers command lists the SSL ciphers.
Target object
None.
Required parameters
Optional parameters
Example output
The command returns a list of SSL ciphers.
$AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg -securityLevel HIGH}
AdminTask.listSSLCiphers('[-sslConfigAliasName testSSLCfg -securityLevel HIGH]')
AdminTask.listSSLCiphers(['-sslConfigAliasName', 'testSSLCfg', '-securityLevel', 'HIGH'])
$AdminTask listSSLCiphers {-interactive}
AdminTask.listSSLCiphers('-interactive')
The listSSLConfigs command lists the defined SSL configurations within a management scope.
Target object
None.
Optional parameters
Example output
The command returns a list of defined SSL configurations.
$AdminTask listSSLConfigs {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
AdminTask.listSSLConfigs('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
AdminTask.listSSLConfigs(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
$AdminTask listSSLConfigs {-interactive}
AdminTask.listSSLConfigs('-interactive')
The listSSLConfigProperties command lists the properties for an SSL configuration.
Target object
None.
Required parameters
Optional parameters
Example output
The command returns SSL configuration properties.
$AdminTask listSSLConfigProperties {-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
AdminTask.listSSLConfigProperties('[-alias SSL123 -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
AdminTask.listSSLConfigProperties(['-alias', 'SSL123', '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
$AdminTask listSSLConfigProperties {-interactive}
AdminTask.listSSLConfigProperties('-interactive')
The listSSLProtocolTypes command lists the SSL protocols that are valid for the currently configured security level. If a security standard is not enabled, the full list of valid protocols is returned. Otherwise, the list of appropriate protocols for the configured security level is returned.
Target object
None.
Required parameters
None.
Returns
This command lists all available protocols for the current FIPS level.

Security mode | Available protocol types |
---|---|
FIPS not enabled | SSL_TLS |
FIPS140-2 | TLS |
SP800-131 - Transition | TLS |
SP800-131 - Strict | TLSv1.2 |
Suite B 128 | TLSv1.2 |
SP800-131 - Suite B 192 | TLSv1.2 |
$AdminTask listSSLProtocolTypes
TLSv1.2
The listSSLRepertoires command lists all of the Secure Sockets Layer (SSL) configuration instances that you can associate with an SSL inbound channel. If you create a new SSL alias using the administrative console, the alias name is automatically created in the node_name/alias_name format. However, if you create a new SSL alias using the wsadmin tool, you must create the SSL alias and specify both the node name and alias name in the node_name/alias_name format.
Target object
SSLInboundChannel instance for which the SSLConfig candidates are listed.
Required parameters
None.
Optional parameters
None.
Sample output
The command returns a list of eligible SSL configuration object names.
$AdminTask listSSLRepertoires SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)
print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/server2|server.xml#SSLInboundChannel_1093445762330)')
$AdminTask listSSLRepertoires {-interactive}
print AdminTask.listSSLRepertoires('-interactive')
The modifySSLConfig command modifies the settings of an existing SSL configuration.
Target object
None.
Required parameters
Optional parameters
Example output
The command does not return output.
$AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW}
AdminTask.modifySSLConfig('[-alias testSSLCfg -clientKeyAlias tstKey1 -serverKeyAlias tstKey2 -securityLevel LOW]')
AdminTask.modifySSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
$AdminTask modifySSLConfig {-interactive}
AdminTask.modifySSLConfig('-interactive')