SignerCertificateCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SignerCertificateCommands group can be used to create and modify signer certificates in relation to the key store file and to query for signer information on ports of remote hosts.
addSignerCertificate
The addSignerCertificate command add a signer certificate from a certificate file to a keystore.
Target object
None.Required parameters
- -keyStoreName
- Specifies the name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- Specifies the name that uniquely identifies the certificate request in a keystore. (String, required)
- -certificateFilePath
- Specifies the full path of the request file that contains the certificate. (String, required)
- -base64Encoded
- Specifies that the certificate is a Base64 encoded ASCII data file type if the value is set to true. Set the value of this parameter to false if the certificate is a binary DER data file type. (Boolean, required)
Optional parameters
- -keyStoreScope
- Specifies the scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Batch mode example usage:
- Using Jacl:
$AdminTask addSignerCertificate {-keyStoreName testKeyStore -certificateAlias default -certificateFilePath <file path> -base64Encoded true}
- Using Jython string:
AdminTask.addSignerCertificate('[-keyStoreName testKeyStore -certificateAlias default -certificateFilePath <file path> -base64Encoded true]')
- Using Jython list:
AdminTask.addSignerCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-certificateFilePath', '<file path>', '-base64Encoded', 'true'])
Interactive mode example usage:
- Using Jacl:
$AdminTask addSignerCertificate {-interactive}
- Using Jython string:
AdminTask.addSignerCertificate ('[-interactive]')
deleteSignerCertificate
The deleteSignerCertificate command delete a signer certificate from a certificate file from a keystore.
Target object
None.Required parameters
- -keyStoreName
- Specifies the name that uniquely identifies the keystore configuration object. (String, required)
- -certificateAlias
- Specifies the name that uniquely identifies the certificate request in a keystore. (String, required)
Optional parameters
- -keyStoreScope
- Specifies the scope name of the keystore. (String, optional)
Example output
The command does not return output.Examples
Batch mode example usage:
- Using Jacl:
$AdminTask deleteSignerCertificate {-keyStoreName testKeyStore -certificateAlias default}
- Using Jython string:
AdminTask.deleteSignerCertificate('[-keyStoreName testKeyStore -certificateAlias default]')
- Using Jython list:
AdminTask.deleteSignerCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default'])
Interactive mode example usage:
- Using Jacl:
$AdminTask deleteSignerCertificate {-interactive}
- Using Jython string:
AdminTask.deleteSignerCertificate ('[-interactive]')
extractSignerCertificate
The extractSignerCertificate command extracts a signer certificate from a key store to a file.
Target object
None
Parameters and return values
- -keyStoreName
- The name of the key store where the signer certificate is located. (String, required)
- -keyStoreScope
- The management scope of the key store. (String, optional)
- -certificateAlias
- The alias name of the signer certificate in the key store. (String, required)
- -certificateFilePath
- The full path name of the file that contains the signer certificate. (String, required)
- -base64Encoded
- Set the value of this parameter to true if the certificate is ascii base 64 encoded. Set the value of this parameter to false if the certificate is binary. (String, required)
Examples
Interactive mode example usage:
- Using Jacl:
$AdminTask extractSignerCertificate {-interactive}
- Using Jython string:
AdminTask.extractSignerCertificate ('[-interactive]')
- Using Jython list:
AdminTask.extractSignerCertificate (['-interactive'])
getSignerCertificate
The getSignerCertificate command obtains information about a signer certificate from a key store.
Target object
None
Parameters and return values
- -keyStoreName
- The name of the key store where the signer certificate is located. (String, required)
- -keyStoreScope
- The management scope of the key store. (String, optional)
- -certificateAlias
- The alias name of the signer certificate in the key store. (String, required)
Examples
Interactive mode example usage:
- Using Jacl:
$AdminTask getSignerCertificate {-interactive}
- Using Jython string:
AdminTask.getSignerCertificate ('[-interactive]')
- Using Jython list:
AdminTask.getSignerCertificate (['-interactive'])
listSignerCertificates
The listSignerCertificates command lists all signer certificates in a particular key store.
Target object
None
Parameters and return values
- -keyStoreName
- The name of the key store where the signer certificate is located. (String, required)
- -keyStoreScope
- The management scope of the key store. (String, optional)
Examples
Interactive mode example usage:
- Using Jacl:
$AdminTask listSignerCertificates {-interactive}
- Using Jython string:
AdminTask.listSignerCertificates ('[-interactive]')
- Using Jython list:
AdminTask.listSignerCertificates (['-interactive'])
retrieveSignerFromPort
The retrieveSignerFromPort command retrieves a signer from a remote host and stores the signer in a key store. The command will retrieve the root certificate information from the certificate chain on the port. To retrieve the leaf certificate users can set the security customer property com.ibm.websphere.ssl.retrieveLeafCert to true
Target object
None
Parameters and return values
- -host
- The host name of the system from where the signer certificate will be retrieved. (String, required)
- -port
- The port of the remote system from where the signer certificate will be retrieved. (Integer, required)
- -certificateAlias
- Specifies a unique name to identify a certificate. (String, required)
- -keyStoreName
- The name of the key store where the signer certificate is located. (String, required)
- -keyStoreScope
- The management scope of the key store. (String, optional)
- -sslConfigName
- The name of the SSL configuration object. (String, optional)
- -sslConfigScopeName
- The management scope where the SSL configuration object is located. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask retrieveSignerFromPort {-host serverHost -port 443 -keyStoreName testKeyStore -certificateAlias serverHostSigner}
- Using Jython string:
AdminTask.retrieveSignerFromPort ('[-host serverHost -port 443 -keyStoreName testKeyStore -certificateAlias serverHostSigner]')
- Using Jython list:
AdminTask.retrieveSignerFromPort (['-host', 'serverHost', '-port', '443', '-keyStoreName', 'testKeyStore', '-certificateAlias', 'serverHostSigner'])
Interactive mode example usage:
- Using Jacl:
$AdminTask retrieveSignerFromPort {-interactive}
- Using Jython string:
AdminTask.retrieveSignerFromPort ('[-interactive]')
- Using Jython list:
AdminTask.retrieveSignerFromPort (['-interactive'])
retrieveSignerInfoFromPort
The retrieveSignerInfoFromPort command retrieves signer information from a port on a remote host. The command will retrieve the root certificate information from the certificate chain on the port. To retrieve the leaf certificate users can set the security customer property com.ibm.websphere.ssl.retrieveLeafCert to true
Target object
None
Parameters and return values
- -host
- The host name of the system from where the signer certificate will be retrieved. (String, required)
- -port
- The port of the remote system from where the signer certificate will be retrieved. (Integer, required)
- -sslConfigName
- The name of the SSL configuration object. (String, optional)
- -sslConfigScopeName
- The management scope where the SSL configuration object is located. (String, optional)
Examples
Interactive mode example usage:
- Using Jacl:
$AdminTask retrieveSignerInfoFromPort {-interactive}
- Using Jython string:
AdminTask.retrieveSignerInfoFromPort ('[-interactive]')
- Using Jython list:
AdminTask.retrieveSignerInfoFromPort (['-interactive'])