You can use the Jython or Jacl scripting languages to configure key stores with the wsadmin tool. A key store is created by the application server during install and can contain cryptographic keys or certificates. The commands and parameters in the KeyStoreCommands group can be used to create, delete, and manage key stores.
The changeMultipleKeyStorePasswords command updates all of the key stores in the configuration that have a give password and changed them to a new password. This is useful because when you create key store files on the system, they will have WebAS as a password by default.
Required parameters
Optional parameters
None.Examples
Batch mode example usage:
$AdminTask changeMultipleKeyStorePasswords {-keyStorePassword WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd}
AdminTask.changeMultipleKeyStorePasswords ('[-keyStorePassword WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd]')
AdminTask.changeMultipleKeyStorePasswords (['-keyStorePassword', 'WebAS', '-newKeyStorePassword', 'newpwd', '-newKeyStorePasswordVerify', 'newpwd'])
Interactive mode example usage:
$AdminTask changeMultipleKeyStorePasswords {-interactive}
AdminTask.changeMultipleKeyStorePasswords ('[-interactive]')
AdminTask.changeMultipleKeyStorePasswords (['-interactive'])
The createKeyStore command creates the key store settings in the configuration and the key store database.
Required parameters
Optional parameters
Examples
Batch mode example usage:
$AdminTask createKeyStore {-keyStoreName testKS -keyStoreType JCEKS -keyStoreLocation c:\temp\testKeyFile.p12 -keyStorePassword testpwd -keyStorePasswordVerify testpwd -keyStoreIsFileBased true -keyStoreInitAtStartup true -keyStoreReadOnly false}
AdminTask.createKeyStore ('[-keyStoreName testKS -keyStoreType JCEKS -keyStoreLocation c:\temp\testKeyFile.p12 -keyStorePassword testpwd -keyStorePasswordVerify testpwd -keyStoreIsFileBased true -keyStoreInitAtStartup true -keyStoreReadOnly false]')
AdminTask.createKeyStore (['-keyStoreName', 'testKS', '-keyStoreLocation', '-keyStoreType', 'JCEKS', 'c:\temp\testKeyFile.p12', '-keyStorePassword', 'testpwd', '-keyStorePasswordVerify', 'testpwd', '-keyStoreIsFileBased', 'true', '-keyStoreInitAtStartup', 'true', '-keyStoreReadOnly', 'false'])
Interactive mode example usage:
$AdminTask createKeyStore {-interactive}
AdminTask.createKeyStore ('[-interactive]')
AdminTask.createKeyStore (['-interactive'])
The createCMSKeyStore command creates a CMS key store database and the key store settings in the configuration.
Required parameters
Optional parameters
None.Examples
Batch mode example usage:
$AdminTask createCMSKeyStore
AdminTask.createCMSKeyStore()
Interactive mode example usage:
$AdminTask createCMSKeyStore {-interactive}
AdminTask.createCMSKeyStore ('[-interactive]')
AdminTask.createCMSKeyStore (['-interactive'])
The deleteKeyStore command deletes the settings of a key store from the configuration and the key store file.
Required parameters
Optional parameters
Examples
Batch mode example usage:
$AdminTask deleteKeyStore {-keyStoreName testKS}
AdminTask.deleteKeyStore ('[-keyStoreName testKS]')
AdminTask.deleteKeyStore (['-keyStoreName', 'testKS'])
Interactive mode example usage:
$AdminTask deleteKeyStore {-interactive}
AdminTask.deleteKeyStore ('[-interactive]')
AdminTask.deleteKeyStore (['-interactive'])
The exchangeSigners command exchange signer certificate between key stores.
Required parameters
Optional parameters
Examples
Batch mode example usage:
$AdminTask exchangeSigners {-keyStoreName1 testKS -certificateAliasList1 testCert1 -keyStoreName2 secondKS -certificateAlaisList2 certAlis}
AdminTask.exchangeSigners ('[-keyStoreName1 testKS -certificateAliasList1 testCert1 -keyStoreName2 secondKS -certificateAlaisList2 certAlis]')
AdminTask.exchangeSigners (['-keyStoreName1', 'testKS', '-certificateAliasList1', 'testCert1', '-keyStoreName2', 'secondKS', '-certificateAlaisList2', 'certAlis'])
Interactive mode example usage:
$AdminTask exchangeSigners {-interactive}
AdminTask.exchangeSigners ('[-interactive]')
AdminTask.exchangeSigners (['-interactive'])
The getKeyStoreInfo command displays the settings of a particular key store.
Required parameters
Optional parameters
Examples
Batch mode example usage:
$AdminTask getKeyStore {-name testKS}
AdminTask.getKeyStore ('[-name testKS]')
AdminTask.getKeyStore (['-name', 'testKS'])
Interactive mode example usage:
$AdminTask getKeyStoreInfo {-interactive}
AdminTask.getKeyStoreInfo ('[-interactive]')
AdminTask.getKeyStoreInfo (['-interactive'])
The listKeyFileAliases command lists the certificates in a key store file.
Required parameters
Optional parameters
None.Examples
Batch mode example usage:
$AdminTask listKeyFileAliases {-keyFilePath c:\temp\testKeyFile.p12 -keyFilePassword testPwd -keyFileType PKCS12}
AdminTask.listKeyFileAliases ('[-keyFilePaht c:\temp\testKeyFile.p12 -keyFilePassword testPwd -keyFileType PKCS12]')
AdminTask.listKeyFileAliases (['-keyFilePaht', 'c:\temp\testKeyFile.p12', '-keyFilePassword', 'testPwd', '-keyFileType', 'PKCS12'])
Interactive mode example usage:
$AdminTask listKeyFileAliases {-interactive}
AdminTask.listKeyFileAliases ('[-interactive]')
AdminTask.listKeyFileAliases (['-interactive'])
The listKeyStores command lists the key store for a particular scope.
Required parameters
None.Optional parameters
Examples
Batch mode example usage:
$AdminTask listKeyStores
AdminTask.listKeyStores()
Interactive mode example usage:
$AdminTask listKeyStores {-interactive}
AdminTask.listKeyStores ('[-interactive]')
AdminTask.listKeyStores (['-interactive'])
The listKeyStoreTypes command lists all valid key store types.
Required parameters
None.Optional parameters
None.Examples
Batch mode example usage:
$AdminTask listKeyStoreTypes
AdminTask.listKeyStoreTypes()
Interactive mode example usage:
$AdminTask listKeyStoreTypes {-interactive}
AdminTask.listKeyStoreTypes ('[-interactive]')
AdminTask.listKeyStoreTypes (['-interactive'])