You can use properties files to create, modify, or delete
secure socket layer properties.
Before you begin
Determine the changes that you want to make to your secure
socket layer object or its properties.
Start the wsadmin scripting
tool. To start wsadmin using the Jython language, run the wsadmin
-lang Jython
command from the bin directory
of the server profile.
About this task
Using a properties file, you can create, modify, or delete
a secure socket layer object.
Run administrative commands using
wsadmin to create or change a properties file for a secure socket
layer, validate the properties, and apply them.
Table 1. Actions for secure socket layer properties
files . You can create, modify, and delete secure socket
layer properties.
Action |
Procedure |
create |
Set required properties and then run the applyConfigProperties
command. |
modify |
Edit any properties and then run the applyConfigProperties
command.. |
delete |
To delete the entire SecureSocketLayer object,
uncomment #DELETE=true and then run the deleteConfigProperties
command. |
create Property |
Not applicable |
delete Property |
Not applicable |
Optionally, you can use interactive mode with the commands:
AdminTask.command_name('-interactive')
Procedure
- Create a properties file for a secure socket layer.
- Set SecureSocketLayer properties as needed.
Open an editor on a SecureSocketLayer properties file. Modify the Environment Variables section
to match your system and set any property value that needs to be changed. For more information about
property values, see SSL configurations. To specify a custom property, edit the
AttributeInfo value and properties. An example SecureSocketLayer properties file follows:
#
# Header
#
ResourceType=SecureSocketLayer
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSettings,managementScope#
"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"":SecureSocketLayer=
AttributeInfo=setting
#
#
#Properties
#
keyFileName=null
enableCryptoHardwareSupport=false #boolean,default(false)
serverKeyAlias=null
sslProtocol=TLSv1.3,TLSv1.2
clientAuthentication=false #boolean,default(false)
securityLevel=HIGH #ENUM(MEDIUM|HIGH|CUSTOM|LOW),default(HIGH)
keyFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
CryptoHardwareToken"=null
keyStore=CellDefaultKeyStore #ObjectName(KeyStore)
enabledCiphers=
keyManager=IbmX509 #ObjectName(KeyManager)
trustFileFormat=JKS #ENUM(JCEK|JKS|JCERACFKS|JCE4758RACFKS|PKCS12),default(JKS)
clientAuthenticationSupported=false #boolean,default(false)
trustStore=CellDefaultTrustStore #ObjectName(KeyStore)
keyFilePassword=null
jsseProvider=IBMJSSE2
clientKeyAlias=null
trustFileName=null
trustFilePassword=null
trustManager={IbmPKIX} #ObjectName*(TrustManager)
#
EnvironmentVariablesSection
#Environment Variables
cellName=myCell
- Run the applyConfigProperties command to create or change
a secure socket layer object.
Running the applyConfigProperties
command applies the properties file to the configuration. In this
Jython example, the optional -reportFileName
parameter
produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
- Modify an existing properties file.
- Obtain a properties file for the SecureSocketLayer object
that you want to change.
You can extract a properties
file for a SecureSocketLayer object using the extractConfigProperties
command.
- Open the properties file in an editor and change the
properties as needed.
Ensure that the environment variables
in the properties file match your system.
- Run the applyConfigProperties command.
- If you no longer need the secure socket layer object, you
can delete the entire SSL object.
To delete the entire
object, specify DELETE=true
in the header section
of the properties file and run the deleteConfigProperties command;
for example:
AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
Results
You can use the properties file to configure and manage
the secure socket layer object and its properties.
What to do next
Save the changes to your configuration.