SSLConfigCommands command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.

The SSLConfigCommands command group for the AdminTask object includes the following commands:
[jun2010]

createSSLConfig

The createSSLConfig command creates an SSL configuration that is based on key store and trust store settings. You can use the SSL configuration settings to make the SSL connections.

Target object

None.

Parameters and return values

-alias
The name of the alias. (String, required)
-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-type
The type of SSL configuration. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
[aug2010] The cipher group that you want to use. Valid values include: STRONG, MEDIUM, WEAK, and CUSTOM. (String, optional) [aug2010]
aug2010
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreName
The key store that holds trust information used to validate the trust from remote connections. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
- Specifies the name of the Key Manager. (String, optional)
-keyManagerScopeName
Specifies the scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
- Specifies the time out in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

[jun2010]
jun2010

createSSLConfigProperty

The createSSLConfigProperty command creates a property for an SSL configuration. Use this command to set SSL configuration settings that are different than the settings in the SSL configuration object.

Target object

None.

Required parameters

-sslConfigAliasName
The alias name of the SSL configuration. (String, required)
-propertyName
The name of the property. (String, required)
-propertyValue
The value of the property. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

Interactive mode example usage:

deleteSSLConfig

The deleteSSLConfig command deletes the SSL configuration object that you specify from the configuration.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

Interactive mode example usage:

getSSLConfig

The getSSLConfig command obtains information about an SSL configuration and displays the settings.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Example output

The command returns information about the SSL configuration of interest.

Examples

Batch mode example usage:

Interactive mode example usage:

getSSLConfigProperties

The getSSLConfigProperties command obtains information about SSL configuration properties.

Target object

None.

Required parameters and return values

-alias
The name of the alias. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)

Example output

The command returns additional information about the SSL configuration properties.

Examples

Batch mode example usage:

Interactive mode example usage:

[jun2010]

listSSLCiphers

The listSSLCiphers command lists the SSL ciphers.

Target object

None.

Parameters and return values

-sslConfigAliasName
Specifies alias that uniquely identifies a SSL configuration. (String, optional)
-scopeName
Specifies the scope name of the SSL configuration. (String, optional)
-securityLevel
[aug2010] Specifies the security level of the SSL configuration, which can be STRONG, MEDIUM, LOW, or CUSTOM. (String, required) [aug2010]
aug2010

Examples

Batch mode example usage:

Interactive mode example usage:

[jun2010]
jun2010

listSSLConfigs

The listSSLConfigs command lists the defined SSL configurations within a management scope.

Target object

None.

Optional parameters

-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)
-all
Specify the value of this parameter as true to list all SSL configurations. This parameter overrides the scopeName parameter. The default value is false. (Boolean, optional)

Example output

The command returns a list of defined SSL configurations.

Examples

Batch mode example usage:

Interactive mode example usage:

listSSLConfigProperties

The listSSLConfigProperties command lists the properties for a SSL configuration.

Target object

None.

Required parameters

-alias
The alias name of the SSL configuration. (String, required)

Optional parameters

-scopeName
The name of the scope. (String, optional)
-displayObjectName
Set the value of this parameter to true to list the SSL configuration objects within the scope. Set the value of this parameter to false to list the strings that contain the SSL configuration alias and management scope. (Boolean, optional)

Example output

The command returns SSL configuration properties.

Examples

Batch mode example usage:

Interactive mode example usage:

listSSLRepertoires

The listSSLRepertoires command lists all of the Secure Sockets Layer (SSL) configuration instances that you can associate with an SSL inbound channel.If you create a new SSL alias using the administrative console, the alias name is automatically created in the node_name/alias_name format. However, if you create a new SSL alias using the wsadmin tool, you must create the SSL alias and specify both the node name and alias name in the node_name/alias_name format.

Target object

SSLInboundChannel instance for which the SSLConfig candidates are listed.

Required parameters

None.

Optional parameters

None.

Sample output

The command returns a list of eligible SSL configuration object names.

Examples

Batch mode example usage:

Interactive mode example usage:

[jun2010]

modifySSLConfig

The modifySSLConfig command modifies the settings of an existing SSL configuration.

Target object

None.

Parameters and return values

-alias
The name of the alias. (String, required)
-scopeName
The name of the scope. (String, optional)
-clientKeyAlias
The certificate alias name for the client. (String, optional)
-serverKeyAlias
The certificate alias name for the server. (String, optional)
-clientAuthentication
Set the value of this parameter to true to request client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-securityLevel
[aug2010] The cipher group that you want to use. Valid values include: STRONG, MEDIUM, WEAK, and CUSTOM. (String, optional) [aug2010]
aug2010
-enabledCiphers
A list of ciphers used during SSL handshake. (String, optional)
-jsseProvider
One of the JSSE providers. (String, optional)
-clientAuthenticationSupported
Set the value of this parameter to true to support client authentication. Otherwise, set the value of this parameter to false. (Boolean, optional)
-sslProtocol
The protocol type for the SSL handshake. Valid values include: SSL_TLS, SSL, SSLv2, SSLv3, TLS, TLSv1. (String, optional)
-trustManagerObjectNames
A list of trust managers separated by commas. (String, optional)
-trustStoreName
The key store that holds trust information used to validate the trust from remote connections. (String, optional)
-trustStoreScopeName
The management scope name of the trust store. (String, optional)
-keyStoreName
The key store that holds the personal certificates that provide identity for the connection. (String, optional)
-keyStoreScopeName
The management scope name of the key store. (String, optional)
-keyManagerName
- Specifies the name of the Key Manager. (String, optional)
-keyManagerScopeName
Specifies the scope of the key manager. (String, optional)
-ssslKeyRingName
Specifies a system SSL (SSSL) key ring name. The value for this parameter has no affect unless the SSL configuration type is SSSL. (String, optional)
-v3timeout
- Specifies the time out in seconds for System SSL configuration types. Values range from 1 to 86400. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

[jun2010]
jun2010



Related concepts
Key management for cryptographic uses
Related tasks
Using the wsadmin scripting AdminTask object for scripted administration
Automating SSL configurations using scripting
Creating an SSL configuration at the node scope using scripting
Reference topic    

Terms of Use | Feedback

Last updated: Oct 20, 2010 7:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-dist&topic=rxml_atsslconfig
File name: rxml_atsslconfig.html