Working with secure socket layer properties files

You can use properties files to create, modify, or delete secure socket layer properties.

Before you begin

Determine the changes that you want to make to your secure socket layer object or its properties.

Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the wsadmin -lang Jython command from the bin directory of the server profile.

About this task

Using a properties file, you can create, modify, or delete a secure socket layer object.

Run administrative commands using wsadmin to create or change a properties file for a secure socket layer, validate the properties, and apply them.

Table 1. Actions for secure socket layer properties files. You can create, modify, and delete secure socket layer properties.
Action            Procedure
create            Set required properties and then run the applyConfigProperties command.
modify            Edit any properties and then run the applyConfigProperties command.
delete            To delete the entire SecureSocketLayer object, uncomment #DELETE=true and then run the deleteConfigProperties command.
create Property   Not applicable
delete Property   Not applicable

Optionally, you can use interactive mode with the commands:

AdminTask.command_name('-interactive')

Procedure

  • Create a properties file for a secure socket layer.
    1. Set SecureSocketLayer properties as needed.

      Open an editor on a SecureSocketLayer properties file. Modify the Environment Variables section to match your system and set any property value that needs to be changed. For more information about property values, see SSL configurations. To specify a custom property, edit the AttributeInfo value and properties. An example SecureSocketLayer properties file follows:

      #
      # Header 
      #
      ResourceType=SecureSocketLayer
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSettings,managementScope#"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"":SecureSocketLayer=
      AttributeInfo=setting
      #
      
      #
      #Properties
      #
      keyFileName=null
      enableCryptoHardwareSupport=false #boolean,default(false)
      serverKeyAlias=null
      sslProtocol=TLSv1.3,TLSv1.2
      clientAuthentication=false #boolean,default(false)
      securityLevel=HIGH #ENUM(MEDIUM|HIGH|CUSTOM|LOW),default(HIGH)
      keyFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
      CryptoHardwareToken=null
      keyStore=CellDefaultKeyStore #ObjectName(KeyStore)
      enabledCiphers=
      keyManager=IbmX509 #ObjectName(KeyManager)
      trustFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
      clientAuthenticationSupported=false #boolean,default(false)
      trustStore=CellDefaultTrustStore #ObjectName(KeyStore)
      keyFilePassword=null
      jsseProvider=IBMJSSE2
      clientKeyAlias=null
      trustFileName=null
      trustFilePassword=null
      trustManager={IbmPKIX} #ObjectName*(TrustManager)
      
      #
      EnvironmentVariablesSection
      #Environment Variables
      cellName=myCell
    2. Run the applyConfigProperties command to create or change a secure socket layer object.

      Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:

      AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
  • Modify an existing properties file.
    1. Obtain a properties file for the SecureSocketLayer object that you want to change.

      You can extract a properties file for a SecureSocketLayer object using the extractConfigProperties command.

    2. Open the properties file in an editor and change the properties as needed.

      Ensure that the environment variables in the properties file match your system.

    3. Run the applyConfigProperties command.
  • If you no longer need the secure socket layer object, you can delete the entire SSL object.

    To delete the entire object, specify DELETE=true in the header section of the properties file and run the deleteConfigProperties command; for example:

    AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]') 
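
A SecureSocketLayer properties file can be checked against local policy before it is passed to applyConfigProperties. The following Python script is an added example, not IBM code; the allowed-protocol list, the expectation of securityLevel=HIGH, the password check, and the names parse_props and audit are assumptions of this example.

```python
# Added example: pre-apply audit of a SecureSocketLayer properties file.
import re

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # assumed local policy, not an IBM list
PASSWORD_KEYS = ("keyFilePassword", "trustFilePassword")

def parse_props(text):
    """Return {key: value} for the Properties section, dropping comment lines
    and the inline '#boolean,default(false)' style type annotations."""
    props, in_props = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "EnvironmentVariablesSection":
            break  # environment variables are not SSL settings
        if line.startswith("#"):
            in_props = in_props or line.lstrip("#").strip() == "Properties"
            continue
        if in_props and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = re.sub(r"\s+#.*$", "", value).strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means the file passes the policy."""
    p, findings = parse_props(text), []
    for proto in filter(None, (s.strip() for s in p.get("sslProtocol", "").split(","))):
        if proto not in ALLOWED_PROTOCOLS:
            findings.append("sslProtocol allows %s" % proto)
    if p.get("securityLevel", "HIGH") != "HIGH":
        findings.append("securityLevel is %s, expected HIGH" % p["securityLevel"])
    for key in PASSWORD_KEYS:
        if p.get(key, "null") not in ("null", ""):
            findings.append("%s has a value stored in the file" % key)
    return findings

# Constructed sample input (not taken from a real cell).
SAMPLE = """\
#Properties
sslProtocol=TLSv1.2,TLSv1
clientAuthentication=false #boolean,default(false)
securityLevel=MEDIUM #ENUM(MEDIUM|HIGH|CUSTOM|LOW),default(HIGH)
keyFilePassword=changeit
trustFilePassword=null
#
EnvironmentVariablesSection
cellName=myCell
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
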

Results

You can use the properties file to configure and manage the secure socket layer object and its properties.

What to do next

Save the changes to your configuration.