Use this topic to create CA certificates from a certificate authority (CA).
AdminTask.listKeystores('-all true')
The
command returns the following sample output:CellDefaultKeyStore(cells/myCell|security.xml#KeyStore_1)
CellDefaultTrustStore(cells/myCell|security.xml#KeyStore_2)
CellLTPAKeys(cells/myCell|security.xml#KeyStore_3)
NodeDefaultKeyStore(cells/myCell|security.xml#KeyStore_1598745926544)
NodeDefaultTrustStore(cells/myCell|security.xml#KeyStore_1476529854789)
AdminTask.getKeyStoreInfo('[-keyStoreName CellDefaultKeyStore]')
The
command returns the following configuration information for the keystore
of interest:[ [location ${CONFIG_ROOT}/cells/myCell/key.p12] [password *****] [_Webspher
e_Config_Data_Id cells/myCell|security.xml#KeyStore_1] [_Websphere_Config_Da
ta_Version ] [useForAcceleration false] [slot 0] [type PKCS12] [additionalKeySto
reAttrs ] [fileBased true] [_Websphere_Config_Data_Type KeyStore] [customProvide
rClass ] [hostList ] [createStashFileForCMS false] [description [Default key sto
re for JenbCell01]] [readOnly false] [initializeAtStartup false] [managementScop
e (cells/JenbCell01|security.xml#ManagementScope_1)] [usage SSLKeys] [provider I
BMJCE] [name CellDefaultKeyStore] ]
AdminTask.listCAClients('-all true')
Parameter | Description | Data type |
---|---|---|
-certificateAlias | Specifies the alias of the certificate. You can specify a predefined certificate request. | String |
-keyStoreName | Specifies the name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. | String |
-caClientName | Specifies the name of the CA client that was used to create the CA certificate. | String |
-revocationPassword | Specifies the password to use to revoke the certificate at a later date. | String |
Parameter | Description | Data type |
---|---|---|
-keyStoreScope | Specifies the management scope of the keystore. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. | String |
-caClientScope | Specifies the management scope of the CA client. For a deployment manager profile, the default value is the cell scope. For an application server profile, the default value is the node scope. | String |
-certificateCommonName | Specifies the common name (CN) part of the full distinguished name (DN) of the certificate. This common name can represent a person, company, or machine. For websites, the common name is frequently the DNS host name where the server resides. | String |
-certificateSize | Specifies the size of the certificate key. The valid values are 512, 1024, 2048, 4096 and 8192. The default value is 2048. | String |
-certificateOrganization | Specifies the organization portion of the distinguished name. | String |
-certificateOrganizationalUnit | Specifies the organizational unit portion of the distinguished name. | String |
-certificateLocality | Specifies the locality portion of the distinguished name. | String |
-certificateState | Specifies the state portion of the distinguished name. | String |
-certificateZip | Specifies the zip code portion of the distinguished name. | String |
-certificateCountry | Specifies the country portion of the distinguished name. | String |
AdminTask.requestCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore
-CAClientName myCAClient -revocationPassword revokeCApw')
AdminTask.queryCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore')
AdminConfig.save()