Creating self-signed certificates using scripting

Use the Jython or Jacl scripting language to create self-signed certificates with the wsadmin tool.

Before you begin

Before starting this task, the wsadmin tool must be running. See the Starting the wsadmin scripting client article for more information.

About this task

You can create self-signed certificates using the scripting and the AdminTask object. You can run the commands in interactive or batch mode. Interactive mode provides a way to discover the flags that you need to run the task in batch mode.

Certificates reside inside of key stores. To run the commands, you will need the name of the key store to be supplied. Use the listKeyStore command of the AdminTask object to get a list of key stores. If you need a new key store, use the createKeyStore command of the AdminTask object.

Avoid trouble: Certificate aliases with embedded quotes in them can cause issues when the runtime attempts to use them. Do not use embedded quotes in a certificate alias.

To create a personal key store, use the following examples:

Procedure

  • Interactive mode:
    • Using Jython: 
      AdminTask.createSelfSignedCertificate ('[-interactive]')

    • Using Jacl:

      $AdminTask createSelfSignedCertificate -interactive
    Example output: 
    *Key Store Name (keyStoreName): keyStore
Key Store Scope Name (keyStoreScope):
*Certificate Alias (certificateAlias): newCert
"Certificate Version" (certificateVersion): 3
*Key Size (certificateSize): [1024]
*Common Name (certificateCommonName): localhost
*Organization (certificateOrganization): workgroup
Organizational Unit (certificateOrganizationalUnit): testing
certLocality (certificateLocality): austin
State (certificateState): Texas
Zip (certificateZip): 78757
Country (certificateCountry): [US]
Validity Period (certificateValidDays): [365]
Create Self-Signed Certificate

F (Finish)
C (Cancel)

Select [F, C]: [F]

WASX7278I: Generated command line: $AdminTask createSelfSignedCertificate 
{-keyStoreName keyStore -certificateAlias newCert -certificateVersion 3 
-certificateCommonName localhost -certificateOrganization ibm 
-certificateOrganizationalUnit testing -certificateLocality austin 
-certificateState Texas -certificateZip 78757 }
true

    At the end of the output, the batch mode parameters are provided.

  • Batch mode:
    • Using Jython: 
      AdminTask.createSelfSignedCertificate ('[-keyStoreName keyStore 
-certificateAlias newCert -certificateVersion 3 -certificateSize 1024 
-certificateCommonName localhost -certificateOrganization ibm 
-certificateOrganizationalUnit testing -certificateLocality austin 
-certificateState Texas -certificateZip 78757]')

    • Using Jacl:

      $AdminTask createSelfSignedCertificate {-keyStoreName keyStore 
-certificateAlias newCert -certificateVersion 3 -certificateSize 1024
-certificateCommonName localhost -certificateOrganization ibm 
-certificateOrganizationalUnit testing -certificateLocality austin 
-certificateState Texas -certificateZip 78757 }