CAClientCommands command group for the AdminTask object

You can use the Jython scripting language to manage your certificate authority (CA) client configurations with the wsadmin tool. Use the commands and parameters in the CAClientCommands group to create, modify, query, and remove connections to a third-party CA server.

Use the following commands to manage your certificate authority (CA) client configurations:

createCAClient

The createCAClient command creates a new CA client object in your configuration. The application server connects to a CA server through the WSPKIClient() implementation, which handles all connections and communications with the CA server.

Target object

None.

Required parameters

-caClientName
Specifies a name to uniquely identify the CA client object. (String, required)
-pkiClientImplClass
Specifies the class path that implements the WSPKIClient interface. The user-provided WSPKIClient implementation is used to communicate with a certificate authority (CA). The system uses the WSPKIClient implementation to request a certificate from a CA.
See Developing the WSPKIClient interface for communicating with a certificate authority. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the CA client. For a deployment manager profile, the system uses the cell scope as the default value. For an application server profile, the system uses the node scope as the default value. (String, optional)
-host
Specifies the host name in your system where the CA resides. (String, optional)
-port
Specifies the port on the server where the CA listens. (String, optional)
-userName
Specifies the user name to use to authenticate to the CA. (String, optional)
-password
Specifies the password for the user name that authenticates to the CA. (String, optional)
-frequencyCheck
Specifies how often, in minutes, the system communicates with the CA to determine if a certificate has been created. (String, optional)
-retryCheck
Specifies the number of times to communicate with the CA to determine if a certificate has been created. (String, optional)
-customProperties
Specifies a comma-separated list of attribute and value custom property pairs to add to the CA client object, using the following format: attribute=value,attribute=value. (String, optional)

Return value

The command returns the object name of the CA client that the system creates.

Batch mode example usage

  • Using Jython string:
    AdminTask.createCAClient('[-caClientName clientObj01 -pkiClientImplClass '
        'com.ibm.wsspi.ssl.WSPKIClient -host machine011 -port 9022 '
        '-userName admin -password pw4admin]')
  • Using Jython list:
    AdminTask.createCAClient(['-caClientName', 'clientObj01', '-pkiClientImplClass', 
    'com.ibm.wsspi.ssl.WSPKIClient', '-host', 'machine011', '-port', '9022', 
    '-userName', 'admin', '-password', 'pw4admin'])

Interactive mode example usage

  • Using Jython:
    AdminTask.createCAClient('-interactive')

modifyCAClient

The modifyCAClient command modifies your existing CA client object configuration data. You can modify one or multiple configuration attributes for a specific CA client.

Target object

None.

Required parameters

-caClientName
Specifies the name of the CA client of interest. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the CA client. For a deployment manager profile, the system uses the cell scope as the default. For an application server profile, the system uses the node scope as the default. (String, optional)
-pkiClientImplClass
Specifies the class path that implements the WSPKIClient interface. The system uses this path to connect to the CA and to issue requests to the CA. (String, optional)
-host
Specifies the host name in your system where the CA resides. (String, optional)
-port
Specifies the port on the server where the CA listens. (String, optional)
-userName
Specifies the user name to use to authenticate to the CA. (String, optional)
-password
Specifies the password for the user name that authenticates to the CA. (String, optional)
-frequencyCheck
Specifies how often, in minutes, the system should check with the CA to determine if a certificate has been created. (String, optional)
-retryCheck
Specifies the number of times to check with the CA to determine if a certificate has been created. (String, optional)
-customProperties
Specifies a comma-separated list of attribute and value (attribute=value) custom property pairs to modify on the CA client object. You can create, modify, or remove properties. To remove a property, specify the attribute with an empty value, as attribute=. (String, optional)

Return value

Batch mode example usage

  • Using Jython string:
    AdminTask.modifyCAClient('[-caClientName myCAClient -port 4060 '
        '-userName admin -password password4admin]')
  • Using Jython list:
    AdminTask.modifyCAClient(['-caClientName', 'myCAClient', '-port', '4060', 
    '-userName', 'admin', '-password', 'password4admin'])
    

Interactive mode example usage

  • Using Jython:
    AdminTask.modifyCAClient('-interactive')
    

getCAClient

The getCAClient command displays a list of attributes for a specific CA client.

Target object

None.

Required parameters

-caClientName
Specifies the CA client name of interest. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the CA client of interest. (String, optional)

Return value

The command returns an attribute list that contains the attribute and value pairs for the specific CA client, as the following example displays:
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphere_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566882] [port 2951] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [password ] [host ] ]'

Batch mode example usage

  • Using Jython string:
    print AdminTask.getCAClient('[-caClientName myCAClient]')
  • Using Jython list:
    print AdminTask.getCAClient(['-caClientName', 'myCAClient'])

Interactive mode example usage

  • Using Jython string:
    print AdminTask.getCAClient('-interactive')

deleteCAClient

The deleteCAClient command removes the CA client object of interest from your configuration. Use the -caClientName parameter to specify the CA client to delete. You can optionally specify the management scope of the CA client object with the -scopeName parameter.

Target object

None.

Required parameters

-caClientName
Specifies the name of the CA client of interest. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the CA client of interest. (String, optional)

Return value

The command does not return output if the system successfully removes the CA client of interest. If you receive an error message, verify that the CA client object of interest exists in your configuration and that it is not referenced by a certificate object in your security configuration.

Batch mode example usage

  • Using Jython string:
    AdminTask.deleteCAClient('[-caClientName myCAClient]')
  • Using Jython list:
    AdminTask.deleteCAClient(['-caClientName', 'myCAClient'])

Interactive mode example usage

  • Using Jython:
    AdminTask.deleteCAClient('-interactive')

listCAClients

The listCAClients command lists all CA clients in your configuration or within a specific scope. If you do not provide a value for the -scopeName parameter, the command queries the cell if you use a deployment manager profile or queries the node if you use an application server profile. Use the -all parameter to query your environment without using a specific scope.

Target object

None.

Optional parameters

-scopeName
Specifies the management scope to search for CA clients. (String, optional)
-all
Specifies whether the system queries for CA clients without a specific scope. (Boolean, optional)

Return value

The command returns an array of attribute lists, displaying one attribute list for each CA client, as the following example output displays:
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)] [scopeName (cell):myCell01] [name jenCAClient] [baseDn ] [_Websphere_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566881] [port 2950] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [password ] [host ] ]'
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphere_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566882] [port 2951] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [password ] [host ] ]'

Batch mode example usage

  • Using Jython string:
    print AdminTask.listCAClients('[-all true]')
  • Using Jython list:
    print AdminTask.listCAClients(['-all', 'true'])

Interactive mode example usage

  • Using Jython:
    print AdminTask.listCAClients('-interactive')
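
An added example, not part of the original reference: plain Python that parses the attribute lists returned by getCAClient and listCAClients (captured as a string) into dictionaries and flags entries for configuration review. The EXPECTED_IMPL allowlist and the two review rules are assumptions for illustration; the sample input is the listCAClients example output shown on this page.

```python
# Constructed input: the two listCAClients example records from this page.
SAMPLE = """\
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)] [scopeName (cell):myCell01] [name jenCAClient] [baseDn ] [_Websphere_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566881] [port 2950] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [password ] [host ] ]'
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphere_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566882] [port 2951] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [password ] [host ] ]'
"""

# Assumption: the WSPKIClient implementation classes your site expects to see.
EXPECTED_IMPL = {"com.ibm.wsspi.ssl.WSPKIClient"}

def split_groups(text):
    """Return the contents of each top-level [...] group found in text."""
    groups, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ']' at offset %d" % i)
            if depth == 0:
                groups.append(text[start:i])
    if depth:
        raise ValueError("unbalanced '[' in attribute list")
    return groups

def parse_ca_clients(output):
    """Turn getCAClient/listCAClients output into a list of attribute dicts."""
    clients = []
    for record in split_groups(output):
        attrs = {}
        for pair in split_groups(record):
            # "[name value]" or "[name ]"; the value may itself contain spaces.
            name, _, value = pair.strip().partition(" ")
            attrs[name] = value.strip()
        clients.append(attrs)
    return clients

def review(clients, expected_impl=EXPECTED_IMPL):
    """Return (client name, finding) tuples for entries worth a second look."""
    findings = []
    for c in clients:
        impl = c.get("pkiClientImplClass", "")
        if impl not in expected_impl:
            findings.append((c.get("name"), "unexpected pkiClientImplClass " + impl))
        if not c.get("host"):
            findings.append((c.get("name"), "host is empty"))
    return findings
```
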