You can use the Jython or Jacl scripting languages to configure
keystores with the wsadmin tool. A keystore is created by the application
server during install and can contain cryptographic keys or certificates.
The commands and parameters in the KeyStoreCommands group can be used
to create, delete, and manage keystores.
The KeyStoreCommands command group for the AdminTask object includes
the following commands:
changeKeyStorePassword
The changeKeyStorePassword command
modifies the password of a keystore. The command automatically saves
the new password to the configuration.
Required parameters
- -keyStoreName
- Specifies the name of the keystore whose password is to change. (String, required)
- -keyStorePassword
- Specifies the password to change. (String, required)
- -newKeyStorePassword
- Specifies the new password to use to access the keystore.
(String, required)
- -newKeyStorePasswordVerify
- Specifies the new password to confirm the new keystore password.
(String, required)
Optional parameters
- -scopeName
- Specifies the management scope of the keystore. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask changeKeyStorePassword {-keyStoreName myKeystore -keyStorePassword
WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd}
Using Jython string:
AdminTask.changeKeyStorePassword('[-keyStoreName myKeystore -keyStorePassword WebAS '
    '-newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd]')
Using Jython list:
AdminTask.changeKeyStorePassword(['-keyStoreName', 'myKeystore', '-keyStorePassword',
'WebAS', '-newKeyStorePassword', 'newpwd', '-newKeyStorePasswordVerify', 'newpwd'])
Interactive mode example usage:
Using Jacl:
$AdminTask changeKeyStorePassword {-interactive}
Using Jython:
AdminTask.changeKeyStorePassword('-interactive')
changeMultipleKeyStorePasswords
The changeMultipleKeyStorePasswords command
updates the password of every keystore in the configuration that
has a specific password. This is useful because keystore
files that you create on the system have WebAS as the password by
default.
Required parameters
- -keyStorePassword
- Specifies the password that you want to change. (String,
required)
- -newKeyStorePassword
- Specifies the new password that you will use to access the keystore.
(String, required)
- -newKeyStorePasswordVerify
- Confirms the new keystore password. (String, required)
Optional parameters
None.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask changeMultipleKeyStorePasswords {-keyStorePassword WebAS
-newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd}
Using Jython string:
AdminTask.changeMultipleKeyStorePasswords('[-keyStorePassword WebAS '
    '-newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd]')
Using Jython list:
AdminTask.changeMultipleKeyStorePasswords(['-keyStorePassword', 'WebAS',
'-newKeyStorePassword', 'newpwd', '-newKeyStorePasswordVerify', 'newpwd'])
Interactive mode example usage:
Using Jacl:
$AdminTask changeMultipleKeyStorePasswords {-interactive}
Using Jython:
AdminTask.changeMultipleKeyStorePasswords('-interactive')
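Added example, not part of the IBM documentation: the batch-mode forms above carry keystore passwords as literals, and new keystore files default to WebAS, so administration scripts are worth checking for both. The Python scanner below looks for the password parameters documented on this page in script text; scan_script, its kind labels, the variable heuristics and SAMPLE are assumptions made for illustration.

```python
import re

# Password-bearing parameters documented on this page (matched case-insensitively).
PASSWORD_PARAMS = set(p.lower() for p in (
    '-keyStorePassword', '-keyStorePasswordVerify', '-newKeyStorePassword',
    '-newKeyStorePasswordVerify', '-keyFilePassword'))
DEFAULT_PASSWORD = 'WebAS'  # default keystore password named on this page

# A token is a quoted word (Jython list form) or a bare word (Jacl, Jython string form).
TOKEN = re.compile(r"""'([^'\s]*)'|"([^"\s]*)"|([^\s'",\[\]{}()]+)""")

def scan_script(text):
    """Return (line, parameter, kind) for every password argument in text.

    kind is 'default' for WebAS, 'literal' for any other hard-coded value,
    and 'variable' when the value is supplied at run time.
    """
    tokens = []
    for m in TOKEN.finditer(text):
        quoted = m.group(3) is None
        word = m.group(3) if not quoted else (m.group(1) or m.group(2) or '')
        tokens.append((word, quoted, text.count('\n', 0, m.start()) + 1))
    findings = []
    for (name, name_quoted, line), (value, value_quoted, _) in zip(tokens, tokens[1:]):
        if name.lower() not in PASSWORD_PARAMS:
            continue
        # Heuristics (assumptions): an unquoted value after a quoted parameter is a
        # Jython variable; a leading $ is a Jacl variable; + or % is string building.
        if (name_quoted and not value_quoted) or value[:1] in ('$', '+', '%'):
            kind = 'variable'
        elif value == DEFAULT_PASSWORD:
            kind = 'default'
        else:
            kind = 'literal'
        findings.append((line, name, kind))
    return findings

# Constructed sample built from the command forms shown on this page.
SAMPLE = """$AdminTask changeKeyStorePassword {-keyStoreName myKeystore -keyStorePassword
WebAS -newKeyStorePassword newpwd -newKeyStorePasswordVerify newpwd}
AdminTask.changeMultipleKeyStorePasswords(['-keyStorePassword', 'WebAS',
    '-newKeyStorePassword', new_pw, '-newKeyStorePasswordVerify', new_pw])
"""

if __name__ == '__main__':
    for line, name, kind in scan_script(SAMPLE):
        print('line %d: %s carries a %s value' % (line, name, kind))
```

Findings are reported at the line of the parameter name, so a value wrapped onto the next line is still attributed to the call that passes it.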
createKeyStore
The createKeyStore command
creates the keystore settings in the configuration and the keystore
database.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore configuration object.
(String, required)
- -keyStoreType
- The implementation of the keystore management. (String, required)
- -keyStoreLocation
- The location of the keystore. For a file-based keystore, the location is
the file system path to the keystore database. For a hardware keystore,
the location is the path to the token library. (String, required)
- -keyStorePassword
- The password that protects the keystore. (String, required)
- -keyStorePasswordVerify
- Confirms the password that protects the keystore. (String, required)
Optional parameters
- -keyStoreProvider
- The provider used to implement the keystore. (String, optional)
- -keyStoreIsFileBased
- Set the value of this parameter to true if the keystore
is file based. Set the value of this parameter to false for
hardware crypto keystores. (Boolean, optional)
- -keyStoreHostList
- A list of host names that indicate from where the keystore is
remotely managed, separated by commas. (String, optional)
- -keyStoreInitAtStartup
- Set the value of this parameter to true if the keystore
is initialized at startup. Otherwise, set the value of this parameter
to false. (Boolean, optional)
- -keyStoreReadOnly
- Set the value of this parameter to true if you cannot
write to the keystore. Otherwise, set the value of this parameter
to false. (Boolean, optional)
- -keyStoreStashFile
- Set the value of this parameter to true if you want to
create stash files for CMS type keystore. Otherwise, set the value
of this parameter to false. (Boolean, optional)
- -enableCryptoOperations
- Specifies if the keystore object will be used for hardware cryptographic
operations or not. The default value is false. (Boolean,
optional)
- -keyStoreDescription
- Specifies user defined text to describe the keystore of interest.
(String, optional)
- -keyStoreUsage
- Specifies the keystore usage of interest. Specify SSLKeys, KeySetKeys, RootKeys, DeletedKeys, DefaultSigners,
or RSATokenKeys. (String, optional)
- -scopeName
- The name that uniquely identifies the management scope, for example: (cell):localhostNode01Cell.
(String, optional)
- -controlRegionUser
- Specifies the control region user to create a writable keystore
object for the control region's key ring. Specify this option for SAF
key rings when SAF writable key rings is enabled. (String, optional)
- -servantRegionUser
- Specifies the servant region user to create a writable keystore
object for the servant region's key ring. Specify this option for SAF
key rings when SAF writable key rings is enabled. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createKeyStore {-keyStoreName testKS -keyStoreType JCEKS
-keyStoreLocation c:/temp/testKeyFile.p12 -keyStorePassword testpwd
-keyStorePasswordVerify testpwd -keyStoreIsFileBased true -keyStoreInitAtStartup
true -keyStoreReadOnly false}
Using Jython string:
AdminTask.createKeyStore('[-keyStoreName testKS -keyStoreType JCEKS '
    '-keyStoreLocation c:/temp/testKeyFile.p12 -keyStorePassword testpwd '
    '-keyStorePasswordVerify testpwd -keyStoreIsFileBased true '
    '-keyStoreInitAtStartup true -keyStoreReadOnly false]')
Using Jython list:
AdminTask.createKeyStore(['-keyStoreName', 'testKS', '-keyStoreType', 'JCEKS',
'-keyStoreLocation', 'c:/temp/testKeyFile.p12', '-keyStorePassword', 'testpwd',
'-keyStorePasswordVerify', 'testpwd', '-keyStoreIsFileBased', 'true',
'-keyStoreInitAtStartup', 'true', '-keyStoreReadOnly', 'false'])
Interactive mode example usage:
Using Jacl:
$AdminTask createKeyStore {-interactive}
Using Jython:
AdminTask.createKeyStore('-interactive')
createCMSKeyStore
The createCMSKeyStore command
creates a CMS keystore database and the keystore settings in the configuration.
Required parameters
- -cmsKeyStoreURI
- The URI of the CMS keystore. (String, required)
- -pluginHostName
- The host name of the plug-in. (String, required)
Optional parameters
None.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createCMSKeyStore {-cmsKeyStoreURI CMSKeystoreURI -pluginHostName myHostName}
Using Jython string:
AdminTask.createCMSKeyStore('[-cmsKeyStoreURI CMSKeystoreURI -pluginHostName myHostName]')
Using Jython list:
AdminTask.createCMSKeyStore(['-cmsKeyStoreURI', 'CMSKeystoreURI', '-pluginHostName',
'myHostName'])
Interactive mode example usage:
Using Jacl:
$AdminTask createCMSKeyStore {-interactive}
Using Jython:
AdminTask.createCMSKeyStore('-interactive')
deleteKeyStore
The deleteKeyStore command
deletes the settings of a keystore from the configuration and the
keystore file.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore that you want to
delete. (String, required)
Optional parameters
- -scopeName
- The name that uniquely identifies the management scope, for example: (cell):localhostNode01Cell.
(String, optional)
- -removeKeyStoreFile
- Specifies whether to remove the keystore file. Specify true to
remove the keystore file or false to keep the keystore file
in your configuration. (Boolean, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteKeyStore {-keyStoreName testKS}
Using Jython string:
AdminTask.deleteKeyStore('[-keyStoreName testKS]')
Using Jython list:
AdminTask.deleteKeyStore(['-keyStoreName', 'testKS'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteKeyStore {-interactive}
Using Jython:
AdminTask.deleteKeyStore('-interactive')
exchangeSigners
The exchangeSigners command
exchanges signer certificates between keystores.
Required parameters
- -keyStoreName1
- The name that uniquely identifies a keystore. You must specify
a second keystore name using the keyStoreName2 parameter. (String,
required)
- -keyStoreName2
- The name that uniquely identifies a keystore. You must specify
a second keystore name using the keyStoreName1 parameter. (String,
required)
Optional parameters
- -keyStoreScope1
- The scope name of the keystore that you specified with the keyStoreName1
parameter. (String, optional)
- -keyStoreScope2
- The scope name of the keystore that you specified with the keyStoreName2
parameter. (String, optional)
- -certificateAliasList1
- A list of aliases separated by a comma. (String, optional)
- -certificateAliasList2
- A list of aliases separated by a comma. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask exchangeSigners {-keyStoreName1 testKS -certificateAliasList1 testCert1
-keyStoreName2 secondKS -certificateAliasList2 certAlis}
Using Jython string:
AdminTask.exchangeSigners('[-keyStoreName1 testKS -certificateAliasList1 testCert1 '
    '-keyStoreName2 secondKS -certificateAliasList2 certAlis]')
Using Jython list:
AdminTask.exchangeSigners(['-keyStoreName1', 'testKS', '-certificateAliasList1',
'testCert1', '-keyStoreName2', 'secondKS', '-certificateAliasList2',
'certAlis'])
Interactive mode example usage:
Using Jacl:
$AdminTask exchangeSigners {-interactive}
Using Jython:
AdminTask.exchangeSigners('-interactive')
getKeyStoreInfo
The getKeyStoreInfo command
displays the settings of a particular keystore.
Required parameters
- -keyStoreName
- The name that uniquely identifies the keystore. (String, required)
Optional parameters
- -scopeName
- The name that uniquely identifies the management scope, for example: (cell):localhostNode01Cell.
(String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getKeyStoreInfo {-keyStoreName testKS}
Using Jython string:
AdminTask.getKeyStoreInfo('[-keyStoreName testKS]')
Using Jython list:
AdminTask.getKeyStoreInfo(['-keyStoreName', 'testKS'])
Interactive mode example usage:
Using Jacl:
$AdminTask getKeyStoreInfo {-interactive}
Using Jython:
AdminTask.getKeyStoreInfo('-interactive')
listKeyFileAliases
The listKeyFileAliases command
lists the certificates in a keystore file.
Required parameters
- -keyFilePath
- The path of the key file. (String, required)
- -keyFilePassword
- The password for the key file. (String, required)
- -keyFileType
- The key file type. (String, required)
Optional parameters
None.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listKeyFileAliases {-keyFilePath /temp/testKeyFile.p12
-keyFilePassword testPwd -keyFileType PKCS12}
Using Jython string:
AdminTask.listKeyFileAliases('[-keyFilePath /temp/testKeyFile.p12 '
    '-keyFilePassword testPwd -keyFileType PKCS12]')
Using Jython list:
AdminTask.listKeyFileAliases(['-keyFilePath', '/temp/testKeyFile.p12',
'-keyFilePassword', 'testPwd', '-keyFileType', 'PKCS12'])
Interactive mode example usage:
Using Jacl:
$AdminTask listKeyFileAliases {-interactive}
Using Jython:
AdminTask.listKeyFileAliases('-interactive')
listKeyStores
The listKeyStores command
lists the keystores for a particular scope.
Required parameters
None.
Optional parameters
- -scopeName
- Specifies the name that uniquely identifies the management scope,
for example: (cell):localhostNode01Cell. (String, optional)
- -all
- Specify the value of this parameter as true to list all
keystores. This parameter overrides the scopeName parameter. The default
value is false. (Boolean, optional)
- -keyStoreUsage
- Specifies the keystore usage of interest. Specify SSLKeys, KeySetKeys, RootKeys, DeletedKeys, DefaultSigners,
or RSATokenKeys. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listKeyStores
Using Jython:
AdminTask.listKeyStores()
Interactive mode example usage:
Using Jacl:
$AdminTask listKeyStores {-interactive}
Using Jython:
AdminTask.listKeyStores('-interactive')
listKeyStoreTypes
The listKeyStoreTypes command
lists all valid keystore types.
Required parameters
None.
Optional parameters
None.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listKeyStoreTypes
Using Jython:
AdminTask.listKeyStoreTypes()
Interactive mode example usage:
Using Jacl:
$AdminTask listKeyStoreTypes {-interactive}
Using Jython string:
AdminTask.listKeyStoreTypes('-interactive')
modifyKeyStore
The modifyKeyStore command
modifies attributes for an existing keystore. Only some keystore attributes
are modifiable, depending on what you are modifying. Use the following
guidelines to use the command:
- To use this command to change the keystore file that the keystore
object references, specify the keyStoreName, keyStoreLocation, keyStoreType,
and keyStorePassword parameters.
Required parameters
- -keyStoreName
- Specifies the unique name that identifies the keystore. (String,
required)
Optional parameters
- -scopeName
- Specifies the management scope of the keystore. (String, optional)
- -keyStoreProvider
- Specifies the provider for the keystore. (String, optional)
- -keyStoreType
- Specifies one of the predefined keystore types. Valid values are JCEKS, CMSKS, PKCS12, PKCS11,
and JKS. (String, optional)
- -keyStoreLocation
- Specifies the fully qualified location of the keystore file. To
modify the location of the keystore file, you must specify the keyStoreLocation,
keyStoreType, keyStorePassword, and keyStoreName parameters. (String,
optional)
- -keyStorePassword
- Specifies the password to open the keystore. Use the changeKeyStorePassword
command to change the password of the keystore. (String, optional)
- -keyStoreIsFileBased
- Specifies whether the keystore is file based. To modify whether
the keystore is file-based, specify the keyStoreIsFileBased and keyStoreName
parameters. (Boolean, optional)
- -keyStoreInitAtStartup
- Specifies whether the keystore initiates at server startup. To
modify whether the keystore initiates at server startup, specify the
keyStoreInitAtStartup and keyStoreName parameters. (Boolean, optional)
- -keyStoreReadOnly
- Specifies whether the keystore is writable. To modify whether
the keystore is read-only, specify the keyStoreReadOnly and keyStoreName
parameters. (Boolean, optional)
- -keyStoreDescription
- Specifies a statement that describes the keystore. To modify the
keystore description, specify the keyStoreDescription and keyStoreName
parameters. (String, optional)
- -keyStoreUsage
- Specifies the keystore usage of interest. Specify SSLKeys, KeySetKeys, RootKeys, DeletedKeys, DefaultSigners,
or RSATokenKeys. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask modifyKeyStore {-keyStoreName CellDefaultKeyStore
-keyStoreLocation /temp/testKeyFile.p12 -keyStoreType JCEKS
-keyStorePassword my1password}
Using Jython:
AdminTask.modifyKeyStore('[-keyStoreName CellDefaultKeyStore -keyStoreLocation '
    '/temp/testKeyFile.p12 -keyStoreType JCEKS -keyStorePassword my1password]')
Interactive mode example usage:
Using Jacl:
$AdminTask modifyKeyStore {-interactive}
Using Jython:
AdminTask.modifyKeyStore('-interactive')