You can use the Jython or Jacl scripting languages to migrate key store configurations. Use the commands in the SSLMigrationCommands group to convert self-signed certificates to chained personal certificates and to enable writable key rings.
The convertSelfSignedCertificatesToChained command converts specific self-signed certificates to chained personal certificates.
Syntax
wsadmin>$AdminTask convertSelfSignedCertificatesToChained
[-certificateReplacementOption ALL_CERTIFICATES | DEFAULT_CERTIFICATES | KEYSTORE_CERTIFICATES]
[-keyStoreName keystore_name]
[-keyStoreScope keystore_scope]
[-rootCertificateAlias alias_name]
Required parameters
This option looks for all self-signed certificates in all keystores with in the specified scope.
The scope can be provided in the -keyStoreScope parameter. If no scope is provided using the -keyStoreScope parameter, all scopes are visited.
This option looks for self-signed certificates in the default CellDefaultKeyStore and NodeDefaultKeyStore keystores within the specified scope.
The scope can be provided with the -keyStoreScope parameter. If no scope is provided using the -keyStoreScope parameter, all scopes are visited.
This option replaces only those self-signed certificates in the keystore that are specified by the -keyStoreName parameter.
If no scope is provided using the -keyStoreScope parameter, the default scope is used.
Optional parameters
Examples
Batch mode example usage:
$AdminTask convertSelfSignedCertificatesToChained {-certificateReplacementOption ALL_CERTIFICATES -keyStoreName testKS}
AdminTask.convertSelfSignedCertificatesToChained('[-certificateReplacementOption ALL_CERTIFICATES -keyStoreName testKS]')
AdminTask.convertSelfSignedCertificatesToChained(['-certificateReplacementOption', 'ALL_CERTIFICATES', '-keyStoreName', 'testKS'])
Interactive mode example usage:
$AdminTask exchangeSigners {-interactive}
AdminTask.exchangeSigners('-interactive')
The enableWritableKeyrings command modifies the keystore and enables writable SAF support. The system uses this command during migration. The command creates additional writable keystore objects for the control region and servant region key rings for SSL keystores.
Required parameters
Optional parameters
Examples
Batch mode example usage:
AdminTask.enableWritableKeyrings('[-keyStoreName testKS -controlRegionUser CRUser1 -servantRegionUser SRUser1]')
AdminTask.enableWritableKeyrings(['-keyStoreName', 'testKS', '-controlRegionUser', 'CRUser1', '-servantRegionUser', 'SRUser1'])
Interactive mode example usage:
AdminTask.enableWritablekeyrings('-interactive')
The convertSSLConfig command migrates existing SSL configurations to the new configuration object format for SSL configurations.
Required parameters
Optional parameters
None.Examples
Batch mode example usage:
AdminTask.convertSSLConfig('[-keyStoreName testKS -controlRegionUser CRUser1 -servantRegionUser SRUser1]')
AdminTask.convertSSLConfig(['-keyStoreName', 'testKS', '-controlRegionUser', 'CRUser1', '-servantRegionUser', 'SRUser1'])
Interactive mode example usage:
AdminTask.convertSSLConfig('-interactive')