Liberty profile: securityUtility command

The securityUtility command supports plain text encryption and SSL certificate creation for a Liberty profile.

Syntax

The command syntax is as follows:

securityUtility task [options] 

Where the options are different based on the value of task.

Parameters

The following tasks are available for the securityUtility command:
encode
Encodes the provided text by using Base64. If no options are specified, the command enters interactive mode. Otherwise, the provided text is encoded. If the text includes spaces it must be put in quotation marks.
Fix Pack 8550 The options are:
--encoding=encoding_type
Specifies how to encode the password. Supported encodings are xor, aes, and hash. If this option is not provided, the default is xor.
--key=encryption_key
Specifies the key to be used when encoding using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
text
The text that is to be encoded.
See also Liberty profile: The limits to protection through password encryption.
createSSLCertificate
Creates a default SSL certificate for use in server configuration. Generated keystore file key.js is placed under /resources/security directory of the server that is specified in --server name. The key algorithm is RSA and signature algorithm is SHA1 with RSA. For more control over the certificate creation, use keytool directly.

The options are:

--server=name
Specifies the name of the Liberty profile server for keystore creation. This option is required.
--password=passwd
Specifies the password to be used in the keystore, which must be at least six characters in length. This option is required.
Fix Pack 8550 --passwordEncoding=password_encoding_type
Fix Pack 8550 Specifies how to encode the keystore password. Supported encodings are xor or aes. If this option is not provided, a default value of xor is used.
Fix Pack 8550 --passwordkey=password_encryption_key
Fix Pack 8550 Specifies the key to use to encode the keystore password by using AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. The key can be provided to the server by defining the variable wlp.password.encryption.key whose value is the key. If this option is not provided, a default key is used.
--validity=days
Specifies the number of days that the certificate is valid, which must be equal to or greater than 365. If this option is not provided, a default value of 365 is used.
--subject=DN
Specifies the Domain Name (DN) for the certificate subject and issuer. If this option is not provided, a default value of CN=localhost,O=ibm,C=us is used.
help
Prints help information for a specified task.

Usage

The following examples demonstrate correct syntax:

securityUtility encode Fix Pack 8550 --encoding=aes GiveMeLiberty
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365
                                     --subject=CN=mycompany,O=myOrg,C=myCountry
securityUtility help createSSLCertificate 
CAUTION:
Different operating system might treat some characters differently. For the Windows environment, if you have ! in your input string, it needs to be escaped by the ^ character. For example,
D:\Liberty\images\855\Liberty855\wlp\bin>securityUtility encode "a^!" 

Icon that indicates the type of topic Reference topic

Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=rwlp_command_securityutil
File name: rwlp_command_securityutil.html