The securityUtility command supports plain text encryption and SSL certificate creation for a Liberty profile.
Syntax
The command syntax is as follows:
securityUtility task [options]
where the options are different based on the value of task.
Parameters
The following tasks are available for the securityUtility command:
- encode
- Encodes the provided text using Base64. If no arguments are specified, the command enters interactive mode. Otherwise, the provided text is encoded. Text with spaces must be put in quotation marks if specified as an argument.
The arguments are:
- --encoding=encoding_type
- Specifies how to encode the password. Supported encodings are xor, aes, and hash. The default encoding is xor.
- --key=encryption_key
- Specifies the key to be used when encoding using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
See also Liberty profile: The limits to protection through password encryption.
- createSSLCertificate
- Creates a default SSL certificate for use in server configuration. The generated keystore file key.jks is placed under the /resources/security directory of the server specified by --server=name. The key algorithm is RSA and the signature algorithm is SHA1 with RSA. For more control over the certificate creation, use keytool directly.
The arguments are:
- --server=name
- Specifies the name of the Liberty profile server for keystore creation. This option is required.
- --password=passwd
- Specifies the password to be used in the keystore, which must be at least six characters in length. This option is required.
- --passwordEncoding=password_encoding_type
- Specifies how to encode the keystore password. Supported encodings are xor or aes. The default value is xor.
- --passwordkey=password_encryption_key
- Specifies the key to be used when encoding the keystore password using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
- --validity=days
- Specifies the number of days that the certificate is valid, which must be equal to or greater than 365. The default value is 365. This option is optional.
- --subject=DN
- Specifies the distinguished name (DN) for the certificate subject and issuer. The default value is CN=localhost,O=ibm,C=us. This option is optional.
- help
- Prints help information for a specified task.
Usage
The following examples demonstrate correct syntax:
securityUtility encode GiveMeLiberty --encoding=aes
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365 --subject=CN=mycompany,O=myOrg,C=myCountry
securityUtility help createSSLCertificate
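The encode task defaults to xor, and aes falls back to a default key unless wlp.password.encryption.key is defined, so it is worth checking which encoding each password in a server configuration actually uses. The following is an added example, not code from the original page or from IBM: a small audit of a constructed server.xml. The {xor}, {aes} and {hash} value prefixes are how Liberty tags encoded values and are not shown on this page; the element names and values in the sample are constructed, and the check only sees a key variable defined in the text it is given.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the page); all values are placeholders.
SAMPLE_SERVER_XML = """<server>
  <keyStore id="defaultKeyStore" password="{xor}CONSTRUCTED=" />
  <dataSource id="ds1">
    <properties user="app" password="{aes}CONSTRUCTEDCIPHERTEXT" />
  </dataSource>
  <quickStartSecurity userName="admin" userPassword="changeit" />
  <basicRegistry><user name="u1" password="{hash}CONSTRUCTEDHASH" /></basicRegistry>
  <ldapRegistry bindPassword="${ldap.bind.pw}" />
</server>"""

KEY_VARIABLE = "wlp.password.encryption.key"  # variable name given on the page
PREFIX = re.compile(r"^\{(xor|aes|hash)\}", re.IGNORECASE)

def classify(value):
    """Return 'xor', 'aes', 'hash', 'variable' or 'plaintext' for one attribute value."""
    match = PREFIX.match(value)
    if match:
        return match.group(1).lower()
    return "variable" if value.startswith("${") else "plaintext"

def audit(xml_text):
    """List (element, attribute, kind, issue) for every password-like attribute."""
    root = ET.fromstring(xml_text)
    # Assumption: only this text is inspected; a key set elsewhere is not seen.
    custom_key = any(el.tag == "variable" and el.get("name") == KEY_VARIABLE
                     for el in root.iter())
    findings = []
    for el in root.iter():
        for attr, value in el.attrib.items():
            if "password" not in attr.lower():
                continue
            kind, issue = classify(value), None
            if kind == "plaintext":
                issue = "stored in clear text"
            elif kind == "xor":
                issue = "xor (the default) uses no key"
            elif kind == "aes" and not custom_key:
                issue = "aes without " + KEY_VARIABLE + ": default key in use"
            findings.append((el.tag, attr, kind, issue))
    return findings

if __name__ == "__main__":
    for tag, attr, kind, issue in audit(SAMPLE_SERVER_XML):
        print(f"{tag}@{attr}: {kind:9} {issue or 'ok'}")
```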