The securityUtility command supports
plain text encryption and SSL certificate creation for a Liberty profile.
Syntax
The command syntax is
as follows:
securityUtility task [options]
Where
the options are different based on the value
of task.
Parameters
The following tasks
are available for the
securityUtility command:
- encode
- Encodes the provided text by using Base64.
If no options are specified, the command enters interactive mode.
Otherwise, the provided text is encoded. If the text includes
spaces it must be put in quotation marks.

The
options are:
- --encoding=encoding_type
- Specifies how to encode the password. Supported encodings are xor, aes,
and hash. If this option is not provided, the default
is xor.
- --key=encryption_key
- Specifies the key to be used when encoding using AES encryption.
This string is hashed to produce an encryption key that is used to
encrypt and decrypt the password. The key can be provided to the server
by defining the variable wlp.password.encryption.key whose
value is the key. If this option is not provided, a default key is
used.
- text
- The text that is to be encoded.
See also
Liberty profile: The limits to protection through password encryption.
- createSSLCertificate
- Creates a default SSL certificate for use in server configuration.
Generated keystore file key.js is placed under /resources/security directory
of the server that is specified in --server name.
The key algorithm is RSA and signature algorithm is SHA1 with RSA.
For more control over the certificate creation, use keytool directly.
The
options are:
- --server=name
- Specifies the name of the Liberty profile server for keystore
creation. This option is required.
- --password=passwd
- Specifies the password to be used in the keystore, which must
be at least six characters in length. This option is required.
--passwordEncoding=password_encoding_type
Specifies how to encode the keystore password. Supported encodings
are xor or aes. If this option is
not provided, a default value of xor is used.
--passwordkey=password_encryption_key
Specifies the key to use to encode the keystore password by using
AES encryption. This string is hashed to produce an encryption key
that is used to encrypt and decrypt the password. The key can be provided
to the server by defining the variable wlp.password.encryption.key whose
value is the key. If this option is not provided, a default key is
used.
- --validity=days
- Specifies the number of days that the certificate is valid, which
must be equal to or greater than 365. If this option is not provided,
a default value of 365 is used.
- --subject=DN
- Specifies the Domain Name (DN) for the certificate subject and
issuer. If this option is not provided, a default value of CN=localhost,O=ibm,C=us is
used.
- help
- Prints help information for a specified task.
Usage
The following examples demonstrate
correct syntax:
securityUtility encode
--encoding=aes GiveMeLiberty
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365
--subject=CN=mycompany,O=myOrg,C=myCountry
securityUtility help createSSLCertificate
CAUTION:
Different operating system might treat some characters
differently. For the Windows environment, if you have
! in
your input string, it needs to be escaped by the
^ character.
For example,
D:\Liberty\images\855\Liberty855\wlp\bin>securityUtility encode "a^!"