SSLConfigCommands command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.

createSSLConfig

The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make the SSL connections.

The command returns the configuration object name of the new SSL configuration object.

Target object

None.

Required parameters

-alias
The name of the alias. (String, required)
-trustStoreName
The key store that holds trust information used to validate the trust from remote connections. (String, required)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-type
The type of SSL configuration. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include:
  • SSL_TLS
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1
  • TLSv1.2
  • [8.5.5.20 or later] TLSv1.3
(String, optional)
[8.5.5.21 or later] You can specify multiple protocol types by specifying them as a comma-separated list, as shown in the following example.
sslProtocol="TLSv1.2,TLSv1.3"
Only values of TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3 are allowed in the comma-separated list.
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
Specifies the name of the Key Manager. (String, optional)
-keyManagerScopeName
Specifies the scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no effect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
Specifies the timeout in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)

Examples for the createSSLConfig command

Batch mode examples:
  • Using Jacl:
    $AdminTask createSSLConfig {-alias testSSLCfg  -clientKeyAlias key1 
    -serverKeyAlias key2 -trustStoreName trustKS -keyStoreName  
    testKS -keyManagerName testKeyMgr}
  • Using Jython string:
    AdminTask.createSSLConfig('[-alias testSSLCfg  -clientKeyAlias key1 
    -serverKeyAlias key2 -trustStoreName trustKS -keyStoreName 
    testKS -keyManagerName testKeyMgr]')
  • Using Jython list:
    AdminTask.createSSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 
    'key1', '-serverKeyAlias', 'key2', '-trustStoreName', 'trustKS', 
    '-keyStoreName', 'testKS', '-keyManagerName', 'testKeyMgr'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask createSSLConfig {-interactive}
  • Using Jython:
    AdminTask.createSSLConfig('-interactive')

createSSLConfigProperty

The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.

Target object

None.

Required parameters

-sslConfigAliasName
The alias name of the SSL configuration. (String, required)
-propertyName
The name of the property. (String, required)
-propertyValue
The value of the property. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Examples for the createSSLConfigProperty command

Batch mode examples:
  • Using Jacl:
    $AdminTask createSSLConfigProperty {-sslConfigAliasName NodeDefaultSSLSettings 
    -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName 
    test.property -propertyValue testValue}
  • Using Jython string:
    AdminTask.createSSLConfigProperty('[-sslConfigAliasName NodeDefaultSSLSettings 
    -scopeName (cell):localhostNode01Cell:(node):localhostNode01 -propertyName 
    test.property -propertyValue testValue]')
  • Using Jython list:
    AdminTask.createSSLConfigProperty(['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
    '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', '-propertyName', 
    'test.property', '-propertyValue', 'testValue'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask createSSLConfigProperty {-interactive}
  • Using Jython:
    AdminTask.createSSLConfigProperty('-interactive')

deleteSSLConfig

The deleteSSLConfig command deletes the SSL configuration object that you specify from the configuration.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Examples for the deleteSSLConfig command

Batch mode examples:
  • Using Jacl:
    $AdminTask deleteSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01}
  • Using Jython string:
    AdminTask.deleteSSLConfig('[-alias NodeDefaultSSLSettings -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01]')
  • Using Jython list:
    AdminTask.deleteSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
    '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask deleteSSLConfig {-interactive}
  • Using Jython:
    AdminTask.deleteSSLConfig('-interactive')

getInheritedSSLConfig

The getInheritedSSLConfig command returns the SSL configuration alias and certificate alias from which a given management scope and direction inherits its SSL configuration information. This command only returns inheritance information; it does not return information about an SSL configuration that is effective for a given scope.

For example, by default in a Network Deployment environment, there are different SSL configurations effective at the cell and node levels. If you issue the getInheritedSSLConfig command, specifying the node's management scope, you get the name of the SSL configuration for the cell, not the effective SSL configuration of the node, because the node inherits its configuration information from the cell.

The command returns the SSL configuration alias and certificate alias from which the specified management scope and direction inherits its SSL configuration information.

Target object

None.

Required parameters and return values

-scopeName
The name of the management scope for which you want to find out where that management scope will inherit its SSL configuration. (String, required)

Optional parameters

None.

Examples for the getInheritedSSLConfig command

  • Using Jacl:
    $AdminTask getInheritedSSLConfig {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound}
    CellDefaultSSLSettings,null
  • Using Jython string:
    AdminTask.getInheritedSSLConfig('[-scopeName
    (cell):localhostNode01Cell:(node):localhostNode01 -direction inbound]')
    CellDefaultSSLSettings,null

getSSLConfig

The getSSLConfig command obtains information about an SSL configuration and displays the settings.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters and values

-scopeName
The name of the scope. (String, optional)
[8.5.5.19 or later] -returnAttributes
A comma-separated list of SSL configuration attributes that the getSSLConfig command returns. (String, optional)
The following values are valid for this parameter:
  • alias
  • type
  • clientKeyAlias
  • serverKeyAlias
  • clientAuthentication
  • clientAuthenticationSupported
  • securityLevel
  • enabledCiphers
  • sslProtocol
  • keyStore
  • trustStore
  • jsseProvider
  • trustManagerList
  • keyManagerList

Examples for the getSSLConfig command

Batch mode examples:
  • Using Jacl:
    $AdminTask getSSLConfig {-alias NodeDefaultSSLSettings -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01}
  • Using Jython string:
    AdminTask.getSSLConfig('[-alias NodeDefaultSSLSettings -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01]')
  • Using Jython list:
    AdminTask.getSSLConfig(['-alias', 'NodeDefaultSSLSettings', '-scopeName', 
    '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask getSSLConfig {-interactive}
  • Using Jython:
    AdminTask.getSSLConfig('-interactive')

getSSLConfigProperties

The getSSLConfigProperties command obtains information about SSL configuration properties.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

The command returns additional information about the SSL configuration properties.

Examples for the getSSLConfigProperties command

Batch mode examples:
  • Using Jacl:
    $AdminTask getSSLConfigProperties {-sslConfigAliasName NodeDefaultSSLSettings 
    -scopeName (cell):localhostNode01Cell:(node):localhostNode01}
  • Using Jython string:
    AdminTask.getSSLConfigProperties('[-sslConfigAliasName NodeDefaultSSLSettings 
    -scopeName (cell):localhostNode01Cell:(node):localhostNode01]')
  • Using Jython list:
    AdminTask.getSSLConfigProperties(['-sslConfigAliasName', 'NodeDefaultSSLSettings', 
    '-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask getSSLConfigProperties {-interactive}
  • Using Jython:
    AdminTask.getSSLConfigProperties('-interactive')

listSSLCiphers

The listSSLCiphers command lists the SSL ciphers.

Target object

None.

Required parameters

-securityLevel
The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)

Optional parameters

-sslConfigAliasName
The alias name of the SSL configuration. (String, optional)
-scopeName
The name of the scope. (String, optional)

Examples for the listSSLCiphers command

Batch mode examples:
  • Using Jacl:
    $AdminTask listSSLCiphers {-sslConfigAliasName testSSLCfg 
    -securityLevel HIGH}
  • Using Jython string:
    AdminTask.listSSLCiphers('[-sslConfigAliasName testSSLCfg 
    -securityLevel HIGH]')
  • Using Jython list:
    AdminTask.listSSLCiphers(['-sslConfigAliasName', 'testSSLCfg', 
    '-securityLevel', 'HIGH'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask listSSLCiphers {-interactive}
  • Using Jython:
    AdminTask.listSSLCiphers('-interactive')

listSSLConfigs

The listSSLConfigs command lists the defined SSL configurations within a management scope.

Target object

None.

Optional parameters

-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
-all
Specify the value of this parameter as true to list all SSL configurations. This parameter overrides the scopeName parameter. The default value is false. (Boolean, optional)

Examples for the listSSLConfigs command

Batch mode examples:
  • Using Jacl:
    $AdminTask listSSLConfigs {-scopeName (cell):localhostNode01Cell:(node):localhostNode01 
    -displayObjectName true}
  • Using Jython string:
    AdminTask.listSSLConfigs('[-scopeName (cell):localhostNode01Cell:(node):localhostNode01 
    -displayObjectName true]')
  • Using Jython list:
    AdminTask.listSSLConfigs(['-scopeName', '(cell):localhostNode01Cell:(node):localhostNode01', 
    '-displayObjectName', 'true'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask listSSLConfigs {-interactive}
  • Using Jython:
    AdminTask.listSSLConfigs('-interactive')

listSSLConfigProperties

The listSSLConfigProperties command lists the properties for an SSL configuration.

Target object

None.

Required parameters

-alias
The alias name of the SSL configuration. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

Examples for the listSSLConfigProperties command

Batch mode examples:
  • Using Jacl:
    $AdminTask listSSLConfigProperties {-alias SSL123 -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true}
  • Using Jython string:
    AdminTask.listSSLConfigProperties('[-alias SSL123 -scopeName 
    (cell):localhostNode01Cell:(node):localhostNode01 -displayObjectName true]')
  • Using Jython list:
    AdminTask.listSSLConfigProperties(['-alias', 'SSL123', '-scopeName', 
    '(cell):localhostNode01Cell:(node):localhostNode01', '-displayObjectName', 'true'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask listSSLConfigProperties {-interactive}
  • Using Jython:
    AdminTask.listSSLConfigProperties('-interactive')

listSSLProtocolTypes

The listSSLProtocolTypes command lists the SSL protocols valid for the current configured security level. If a security standard is not enabled, the full list of valid protocols is returned. Otherwise, the list of appropriate protocols for the configured security level is returned.

Target object

None.

Required parameters

None.

Returns

This command lists all available protocols for the current FIPS level.
Table 1. FIPSLevel and protocolTypes. The following table shows the available protocol types for each FIPS level.
Security mode            Available protocol types
FIPS not enabled         SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1, SSL_TLSv2, TLSv1.1, TLSv1.2, [8.5.5.20 or later] TLSv1.3
FIPS140-2                TLS, TLSv1, TLSv1.1, TLSv1.2
SP800-131 - Transition   TLS, TLSv1, TLSv1.1, TLSv1.2
SP800-131 - Strict       TLSv1.2
Suite B 128              TLSv1.2
SP800-131 - Suite B 192  TLSv1.2


Batch mode examples for the listSSLProtocolTypes command

  • Using Jacl:
    $AdminTask listSSLProtocolTypes
    TLSv1.2

listSSLRepertoires

The listSSLRepertoires command lists all of the Secure Sockets Layer (SSL) configuration instances that you can associate with an SSL inbound channel. If you create a new SSL alias using the administrative console, the alias name is automatically created in the node_name/alias_name format. However, if you create a new SSL alias using the wsadmin tool, you must create the SSL alias and specify both the node name and alias name in the node_name/alias_name format.

Target object

SSLInboundChannel instance for which the SSLConfig candidates are listed.

Required parameters

None.

Optional parameters

None.

Examples for the listSSLRepertoires command

Batch mode examples:
  • Using Jacl:
    $AdminTask listSSLRepertoires SSL_3(cells/mybuildCell01/nodes/mybuildNode01/servers/
    server2|server.xml#SSLInboundChannel_1093445762330)
  • Using Jython string:
    print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/
    servers/server2|server.xml#SSLInboundChannel_1093445762330)')
  • Using Jython list:
    print AdminTask.listSSLRepertoires('SSL_3(cells/mybuildCell01/nodes/mybuildNode01/
    servers/server2|server.xml#SSLInboundChannel_1093445762330)')
Interactive mode examples:
  • Using Jacl:
    $AdminTask listSSLRepertoires {-interactive}
  • Using Jython:
    print AdminTask.listSSLRepertoires('-interactive')

modifySSLConfig

The modifySSLConfig command modifies the settings of an existing SSL configuration.

Target object

None.

Required parameters

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
The cipher group that you want to use. Valid values include: HIGH, MEDIUM, LOW, and CUSTOM. (String, required)
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include:
  • SSL_TLS
  • SSL
  • SSLv2
  • SSLv3
  • TLS
  • TLSv1
  • TLSv1.1
  • TLSv1.2
  • [8.5.5.20 or later] TLSv1.3
(String, optional)
[8.5.5.21 or later] You can specify multiple protocol types by specifying them as a comma-separated list, as shown in the following example.
sslProtocol="TLSv1.2,TLSv1.3"
Only values of TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3 are allowed in the comma-separated list.
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreName
The key store that holds trust information used to validate the trust from remote connections. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
Specifies the name of the Key Manager. (String, optional)
-keyManagerScopeName
Specifies the scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no effect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
Specifies the timeout in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)

Examples for the modifySSLConfig command

Batch mode examples:
  • Using Jacl:
    $AdminTask modifySSLConfig {-alias testSSLCfg -clientKeyAlias tstKey1 
    -serverKeyAlias tstKey2 -securityLevel LOW}
  • Using Jython string:
    AdminTask.modifySSLConfig('[-alias testSSLCfg -clientKeyAlias tstKey1 
    -serverKeyAlias tstKey2 -securityLevel LOW]')
  • Using Jython list:
    AdminTask.modifySSLConfig(['-alias', 'testSSLCfg', '-clientKeyAlias', 'tstKey1', 
    '-serverKeyAlias', 'tstKey2', '-securityLevel', 'LOW'])
Interactive mode examples:
  • Using Jacl:
    $AdminTask modifySSLConfig {-interactive}
  • Using Jython:
    AdminTask.modifySSLConfig('-interactive')
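
The -sslProtocol rules given for createSSLConfig and modifySSLConfig can be combined with Table 1 from listSSLProtocolTypes to check a value before it is submitted. The following is an added example, not part of the IBM documentation or product code: the function names check_ssl_protocol and modify_ssl_protocol_args are hypothetical, the protocol names and security modes are copied from this page, and the code uses only basic Python syntax so that it can be adapted to a wsadmin Jython script.

```python
# Added example (not IBM code): pre-flight check for an -sslProtocol value.
# Protocol names and security modes are copied from this page.

# Values that may appear in a comma-separated list (8.5.5.21 or later).
LIST_ALLOWED = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# Table 1: protocol types available in each security mode.
TLS_1_0_TO_1_2 = ("TLS", "TLSv1", "TLSv1.1", "TLSv1.2")
BY_MODE = {
    "FIPS not enabled": ("SSL_TLS", "SSL", "SSLv2", "SSLv3", "TLS", "TLSv1",
                         "SSL_TLSv2", "TLSv1.1", "TLSv1.2", "TLSv1.3"),
    "FIPS140-2": TLS_1_0_TO_1_2,
    "SP800-131 - Transition": TLS_1_0_TO_1_2,
    "SP800-131 - Strict": ("TLSv1.2",),
    "Suite B 128": ("TLSv1.2",),
    "SP800-131 - Suite B 192": ("TLSv1.2",),
}
KNOWN = BY_MODE["FIPS not enabled"]


def check_ssl_protocol(value, mode="FIPS not enabled"):
    """Return a list of problems with an -sslProtocol value; [] means it passes."""
    if mode not in BY_MODE:
        raise ValueError("unknown security mode: %r" % mode)
    parts = [p.strip() for p in value.split(",")]
    problems = []
    for part in parts:
        if part == "":
            problems.append("empty entry in protocol list")
        elif part not in KNOWN:
            problems.append("%s: not a valid protocol type" % part)
        elif len(parts) > 1 and part not in LIST_ALLOWED:
            problems.append("%s: not allowed in a comma-separated list" % part)
        elif part not in BY_MODE[mode]:
            problems.append("%s: not available in mode '%s'" % (part, mode))
    return problems


def modify_ssl_protocol_args(alias, ssl_protocol, scope_name=None,
                             mode="FIPS not enabled"):
    """Build the Jython-list arguments for modifySSLConfig, or raise ValueError."""
    problems = check_ssl_protocol(ssl_protocol, mode)
    if problems:
        raise ValueError("; ".join(problems))
    args = ["-alias", alias]
    if scope_name:
        args += ["-scopeName", scope_name]
    # Normalise whitespace so the value is a clean comma-separated string.
    protocols = ",".join([p.strip() for p in ssl_protocol.split(",")])
    return args + ["-sslProtocol", protocols]


if __name__ == "__main__":
    # Constructed inputs; inside wsadmin the returned list would be passed to
    # AdminTask.modifySSLConfig(...).
    print(modify_ssl_protocol_args("testSSLCfg", "TLSv1.2, TLSv1.3"))
    print(check_ssl_protocol("TLSv1.2,SSLv3"))
    print(check_ssl_protocol("TLSv1.2,TLSv1.3", "SP800-131 - Strict"))
```

The mode argument must be one of the security mode names in Table 1; the check does not query the server, so the mode has to be supplied by the caller.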