You can revoke CA certificates from a certificate authority
(CA). Revoke personal certificates that are no longer being used in
your configuration.
Before you begin
Before you can request that the certificate authority revoke a
certificate, you must have created the personal certificate with the
requestCACertificate command. Certificates
created with the requestCACertificate command have an associated reference
object in the configuration that you can use to submit the certificate
revocation request to the certificate authority.
About this task
This topic uses the revokeCACertificate command to submit
a request to revoke a certificate on the certificate authority. You
can only revoke a certificate that was created with the requestCACertificate
command. You must specify the revocation password that was provided
when the certificate was created. Use the same password to revoke
the certificate on the certificate authority.
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Determine the CA personal certificate to revoke.
Use the listPersonalCertificates command to view a list of all personal
certificates and associated attributes for a specific keystore, as
the following example demonstrates:
AdminTask.listPersonalCertificates('-keyStoreName CellDefaultKeyStore')
The command returns an attribute list for each personal certificate, including
CA personal certificates. CA personal certificates only return the
status attribute. You can revoke each CA personal certificate that
returns a COMPLETE status. Determine which CA personal certificate
to revoke.
- Revoke a CA personal certificate.
Use the revokeCACertificate command to revoke the CA personal certificate
of interest. You must specify the name of the keystore, certificate
alias, and revocation password using the following parameters:
Table 1. Required parameters. This table describes the revokeCACertificate command and its required parameters:
Parameter | Description | Data Type |
-keyStoreName | Specifies the name of the keystore where the CA personal certificate is stored. The value of this field is not a path to the keystore file. | String |
-certificateAlias | Specifies the unique name that identifies the CA personal certificate object and the alias name of the certificate in the keystore. | String |
-revocationPassword | Specifies the password needed to revoke the certificate. This is the same password that was provided when the certificate was created. | String |
You can specify additional information with the following
optional parameters:
Table 2. Optional parameters. This table describes the revokeCACertificate command and its additional optional parameters:
Parameter | Description | Data Type |
-keyStoreScope | Specifies the management scope of the keystore. For a deployment manager profile, the system uses the cell scope as the default value. For an application server profile, the system uses the node scope as the default value. To obtain a list of the keystore scope values, see the listManagementScopes command, which is part of the ManagementScopeCommands command group. | String |
-revocationReason | Specifies the reason for revoking the certificate of interest. The default value for this parameter is unspecified. | String |
The following example revokes a CA personal certificate:
AdminTask.revokeCACertificate('[-keyStoreName CellDefaultKeyStore -certificateAlias myCertificate -revocationPassword pw4revoke]')
- Save your configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()
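The revoke and save steps above combined into one wsadmin Jython helper, added here as an example and not taken from the product documentation. The helper names (build_revoke_args, redact, revoke_and_save) are hypothetical, and the example assumes parameter values contain no whitespace, quotes or brackets, rejecting them rather than quoting them. It keeps the revocation password out of error text and saves the configuration only after the revocation call succeeds.

```python
# Added example for the wsadmin Jython client; helper names are hypothetical.
import sys

# Characters that would change how the bracketed parameter string is parsed.
# Assumption of this example: such values are rejected instead of quoted.
UNSAFE = set(' \t\r\n[]{}"\'')

def build_revoke_args(key_store, alias, password, scope=None, reason=None):
    """Build the parameter string passed to AdminTask.revokeCACertificate."""
    pairs = [('-keyStoreName', key_store),
             ('-certificateAlias', alias),
             ('-revocationPassword', password)]
    if scope:
        pairs.append(('-keyStoreScope', scope))
    if reason:
        pairs.append(('-revocationReason', reason))
    parts = []
    for name, value in pairs:
        if not value or UNSAFE.intersection(value):
            raise ValueError('empty or unsafe value for ' + name)
        parts.append(name + ' ' + value)
    return '[' + ' '.join(parts) + ']'

def redact(text, password):
    """Mask the revocation password before text is logged or raised."""
    return text.replace(password, '********')

def revoke_and_save(admin_task, admin_config, key_store, alias, password,
                    scope=None, reason=None):
    """Revoke one CA personal certificate; save only if the CA call succeeds."""
    args = build_revoke_args(key_store, alias, password, scope, reason)
    failure = None
    try:
        admin_task.revokeCACertificate(args)
    except:  # bare except: also catches Java exceptions raised under Jython
        failure = redact(str(sys.exc_info()[1]), password)
    if failure is not None:
        # Nothing is saved, and the password never reaches the message.
        raise RuntimeError('revocation of ' + alias + ' failed: ' + failure)
    admin_config.save()
    return redact(args, password)

# In wsadmin, pass the built-in objects and a password obtained at run time
# (for example from an operator prompt), not a literal stored in the script:
#   revoke_and_save(AdminTask, AdminConfig, 'CellDefaultKeyStore',
#                   'myCertificate', revocation_password)
```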