Liberty profile: securityUtility command

The securityUtility command supports plain text encryption and SSL certificate creation for a Liberty profile.

Syntax

The command syntax is as follows:

securityUtility task [options]

where the options are different based on the value of task.

Parameters

The following tasks are available for the securityUtility command:
encode
Encodes the provided text using Base64. If no arguments are specified, the command enters interactive mode. Otherwise, the provided text is encoded. Text with spaces must be put in quotation marks if specified as an argument.
Fix Pack 8550 The arguments are:
--encoding=encoding_type
Specifies how to encode the password. Supported encodings are xor, aes, and hash. The default encoding is xor.
--key=encryption_key
Specifies the key to be used when encoding using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
See also Liberty profile: The limits to protection through password encryption.
createSSLCertificate
Creates a default SSL certificate for use in server configuration. Generated keystore file key.js is placed under /resources/security directory of the server specified in --server name. The key algorithm is RSA and signature algorithm is SHA1 with RSA. For more control over the certificate creation, use keytool directly.

The arguments are:

--server=name
Specifies the name of the Liberty profile server for keystore creation. This option is required.
--password=passwd
Specifies the password to be used in the keystore, which must be at least six characters in length. This option is required.
Fix Pack 8550 --passwordEncoding=password_encoding_type
Specifies how to encode the keystore password. Supported encodings are xor or aes. The default value is xor.
Fix Pack 8550 --passwordkey=password_encryption_key
Specifies the key to be used when encoding the keystore password using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
--validity=days
Specifies the number of days that the certificate is valid, which must be equal to or greater than 365. The default value is 365. This option is optional.
--subject=DN
Specifies the Domain Name (DN) for the certificate subject and issuer. The default value is CN=localhost,O=ibm,C=us. This option is optional.
help
Prints help information for a specified task.

Usage

The following examples demonstrate correct syntax:

securityUtility encode GiveMeLibertyFix Pack 8550  --encoding=aes
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365
                                     --subject=CN=mycompany,O=myOrg,C=myCountry
securityUtility help createSSLCertificate
Parent topic: Creating SSL certificates from the command prompt
Related concepts:
Fix Pack 8550 Liberty profile: The limits to protection through password encryption
Related tasks:
Creating SSL certificates from the command prompt
Configuring your web application and server for client certificate authentication
Configuring LDAP user registries with the Liberty profile
Configuring a basic user registry for the Liberty profile

Icon that indicates the type of topic Reference topic
Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Wednesday, 22 May 2013
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=rwlp_command_securityutil
File name: rwlp_command_securityutil.html