CAClientCommands command group for the AdminTask object
You can use the Jython scripting language to manage your certificate authority (CA) client configurations with the wsadmin tool. Use the commands and parameters in the CAClientCommands group to create, modify, query, and remove connections to a third-party CA server.
createCAClient
The createCAClient command creates a new CA client object in your configuration. The application server connects to a CA server through the WSPKIClient() implementation, which handles all connections and communications with the CA server.
Target object
None.
Required parameters
- -caClientName
- Specifies a name to uniquely identify the CA client object. (String, required)
- -pkiClientImplClass
- Specifies the class path that implements the WSPKIClient interface. The user provided WSPKIClient implementation is used to communicate with a Certificate Authority (CA). The system will use the WSPKIClient implementation to request a certificate from a CA.
Optional parameters
- -scopeName
- Specifies the management scope of the CA client. For a deployment manager profile, the system uses the cell scope as the default value. For an application server profile, the system uses the node scope as the default value. (String, optional)
- -host
- Specifies the host name in your system where the CA resides. (String, optional)
- -port
- Specifies the port on the server where the CA listens. (String, optional)
- -userName
- Specifies the user name to use to authenticate to the CA. (String, optional)
- -password
- Specifies the password for the user name that authenticates to the CA. (String, optional)
- -frequencyCheck
- Specifies how often, in minutes, the system communicates with the CA to determine if a certificate has been created. (String, optional)
- -retryCheck
- Specifies the number of times to communicate with the CA to determine if a certificate has been created. (String, optional)
- -customProperties
- Specifies a comma-separated list of attribute and value custom property pairs to add to the CA client object, using the following format: attribute=value,attribute=value. (String, optional)
Return value
The command returns the object name of the CA client that the system creates.
Batch mode example usage
- Using Jython string:
AdminTask.createCAClient('[-caClientName clientObj01 -pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient -host machine011 -port 9022 -userName admin -password pw4admin]')
- Using Jython list:
AdminTask.createCAClient(['-caClientName', 'clientObj01', '-pkiClientImplClass', 'com.ibm.wsspi.ssl.WSPKIClient', '-host', 'machine011', '-port', '9022', '-userName', 'admin', '-password', 'pw4admin'])
Interactive mode example usage
- Using Jython:
AdminTask.createCAClient('-interactive')
modifyCAClient
The modifyCAClient command modifies your existing CA client object configuration data. You can modify one or multiple configuration attributes for a specific CA client.
Target object
None.
Required parameters
- -caClientName
- Specifies the name of the CA client of interest. (String, required)
Optional parameters
- -scopeName
- Specifies the management scope of the CA client. For a deployment manager profile, the system uses the cell scope as the default. For an application server profile, the system uses the node scope as the default. (String, optional)
- -pkiClientImplClass
- Specifies the class path that implements the WSPKIClient interface. The system uses this path to connect to the CA and to issue requests to the CA. (String, optional)
- -host
- Specifies the host name in your system where the CA resides. (String, optional)
- -port
- Specifies the port on the server where the CA listens. (String, optional)
- -userName
- Specifies the user name to use to authenticate to the CA. (String, optional)
- -password
- Specifies the password for the user name that authenticates to the CA. (String, optional)
- -frequencyCheck
- Specifies how often, in minutes, the system should check with the CA to determine if a certificate has been created. (String, optional)
- -retryCheck
- Specifies the number of times to check with the CA to determine if a certificate has been created. (String, optional)
- -customProperties
- Specifies a comma separated list of attribute and value (attribute=value) custom property pairs to modify on the CA Client object. You can create, modify, or remove properties. To remove a property specify the attribute and value as attribute=. (String, optional)
Return value
Batch mode example usage
- Using Jython string:
AdminTask.modifyCAClient('[-caClientName myCAClient -port 4060 -userName admin -password password4admin]')
- Using Jython list:
AdminTask.modifyCAClient(['-caClientName', 'myCAClient', '-port', '4060', '-userName', 'admin', '-password', 'password4admin'])
Interactive mode example usage
- Using Jython:
AdminTask.modifyCAClient('-interactive')
getCAClient
The getCAClient command displays a list of attributes for a specific CA client.
Target object
None.
Required parameters
- -caClientName
- Specifies the CA client name of interest. (String, required)
Optional parameters
- -scopeName
- Specifies the management scope of CA client of interest. (String, optional)
Return value
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementSc
ope_1)] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphe
re_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566882] [por
t 2951] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [u
serId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [fre
quencyCheck 0] [password ] [host ] ]'
Batch mode example usage
- Using Jython string:
print AdminTask.getCAClient('-caClientName myCAClient')
- Using Jython list:
print AdminTask.getCAClient('-caClientName', 'myCAClient')
Interactive mode example usage
- Using Jython string:
print AdminTask.getCAClient('-interactive')
deleteCAClient
The deleteCAClient command removes the CA client object of interest from your configuration. Use the -caClientName parameter to specify the CA client to delete. You can optionally specify the management scope of the CA client object with the scopeName parameter.
Target object
None.
Required parameters
- -caClientName
- Specifies the name of the CA client of interest. (String, required)
Optional parameters
- -scopeName
- Specifies the management scope of the CA client of interest. (String, optional)
Return value
The command does not return output if the system successfully removes the CA client of interest. If you receive an error message, verify that the CA client object of interest exists in your configuration and that it is not referenced by a certificate object in your security configuration.
Batch mode example usage
- Using Jython string:
AdminTask.deleteCAClient('[-caClientName myCAClient]')
- Using Jython list:
AdminTask.deleteCAClient(['-caClientName', 'myCAClient'])
Interactive mode example usage
- Using Jython:
AdminTask.deleteCAClient('-interactive')
listCAClients
The listCAClients command lists all CA clients in your configuration or within a specific scope. If you do not provide a value for the -scopeName parameter, the command queries the cell if you use a deployment manager profile or queries the node if you use an application server profile. Use the -all parameter to query your environment without using a specific scope.
Target object
None.
Optional parameters
- -scopeName
- Specifies the management scope to search for CA clients. (String, optional)
- -all
- Specifies whether the system queries for CA clients without a specific scope. (Boolean, optional)
Return value
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)
] [scopeName (cell):myCell01] [name jenCAClient] [baseDn ] [_Websphere_Config_Da
ta_Id cells/myCell01|security.xml#CAClient_1181834566881] [port 2950] [CACertifi
cate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Webspher
e_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [pa
ssword ] [host ] ]'
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1)
] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphere_Config_Dat
a_Id cells/myCell01|security.xml#CAClient_1181834566882] [port 2951] [CACertific
ate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere
_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [pas
sword ] [host ] ]'
Batch mode example usage
- Using Jython string:
print AdminTask.listCAClients('-all true')
- Using Jython list:
print AdminTask.listCAClients('-all', 'true')
Interactive mode example usage
- Using Jython:
print AdminTask.listCAClients('-interactive')