Securing communications using the wsadmin tool
The application server provides several methods to secure communication between a server and a client. Use this topic to configure Secure Sockets Layer (SSL), keystores, certificate authorities, key sets and groups, and certificates.
Procedure
- Configure secure communications using SSL. Use the SSLConfigCommands, SSLConfigGroupCommands, DynamicSSLConfigSelections and SSLTransport command groups for the AdminTask object, and complete the following tasks to create and administer SSL configurations:
- Create a keystore configuration. Use the KeyStoreCommands command group for the AdminTask object, and complete the following tasks to create and administer keystore configurations.
- Create a certificate authority (CA) client configuration. A CA client object contains all of the configuration information necessary to connect to a third-party CA server. Use the CAClientCommands command group for the AdminTask object, and complete the following tasks to create and administer CA client objects in your configuration:
- Administer certificate configurations. Use the CertificateRequestCommands, PersonalCertificateCommands, and SignerCertificateCommands command groups for the AdminTask object, and complete the following tasks to administer personal certificates, CA certificates, and self-signed certificates:
- Create key sets and key groups.
Use the KeySetCommands, KeySetGroupCommands, and KeyReferenceCommands command groups for the AdminTask object to create and administer key set and group configurations.
次主題
Creating an SSL configuration at the node scope using scripting
A Secure Socket Layer (SSL) configuration references many other configuration objects. To help you make valid selections for the new SSL configuration before you create it, view information about existing configuration objects. Information about existing objects is also useful when you create a node scoped SSL configuration using the createSSLConfig command of the AdminTask object.Automating SSL configurations using scripting
SSL configuration is needed for WebSphere to perform SSL connections with other servers. A SSL configuration can be configured through the Admin Console. But if an automated way to create a SSL configuration is desired then AdminTask should be used.Updating default key store passwords using scripting
Use the Jython or Jacl scripting language to change the default key store passwords. A key store file is created with a default password when you install the application server. Change this password to protect your security configuration.Configuring certificate authority client objects using the wsadmin tool
Use this topic to create a certificate authority (CA) client object. The client object contains all of the configuration information necessary to connect to your third-party CA server. A CA client must exist in your configuration before you can issue a request to the CA to create personal certificates with the requestCACertificate command.Administering certificate authority clients using the wsadmin tool
Use this topic to modify certificate authority (CA) client objects. The client object contains all of the configuration information necessary to connect to your third-party CA server.Setting a certificate authority certificate as the default certificate using the wsadmin tool
Use this topic to make a request to an external certificate authority (CA) to create a personal certificate. After the CA returns the certificate and the certificate is saved in the keystore, then you can use it as the server default personal certificate.Creating certificate authority (CA) personal certificates using the wsadmin tool
Use this topic to create CA certificates from a certificate authority (CA).Revoking certificate authority personal certificates using the wsadmin tool
You can revoke CA certificates from a certificate authority (CA). Revoke personal certificates that are no longer being used in your configuration.CAClientCommands command group for the AdminTask object
You can use the Jython scripting language to manage your certificate authority (CA) client configurations with the wsadmin tool. Use the commands and parameters in the CAClientCommands group to create, modify, query, and remove connections to a third-party CA server.Creating self-signed certificates using scripting
Use the Jython or Jacl scripting language to create self-signed certificates with the wsadmin tool.keyManagerCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security. The commands and parameters in the keyManagerCommands group can be used to manage key manager settings. You can use these commands to create, modify, list, or obtain information about key managers.KeyStoreCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure keystores with the wsadmin tool. A keystore is created by the application server during installation and can contain cryptographic keys or certificates. The commands and parameters in the KeyStoreCommands group can be used to create, delete, and manage keystores.SSLConfigCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigCommands group can be used to create and manage Secure Sockets Layer (SSL) configurations and properties.SSLConfigGroupCommands group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SSLConfigGroupCommands group can be used to create and manage SSL configuration groups.TrustManagerCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the TrustManagerCommands group can be used to create, delete, and query trust manager settings in your configuration. You can also use these commands to create a custom trust manager for a pure client.KeySetCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the KeySetCommands group can be used to create, delete, and query for key set settings in your configuration.KeyReferenceCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the KeyReferenceCommands group can be used to create and manage the key reference settings for key set objects in your configuration.KeySetGroupCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the KeySetGroupCommands group can be used to create and manage key set groups. Use these commands to manage groups of public, private, and shared keys.DynamicSSLConfigSelections command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the DynamicSSLConfigSelections group can be used to create, delete, and query dynamic SSL configuration selection objects.PersonalCertificateCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the PersonalCertificateCommands group can be used to create and manage personal or signer certificates.WSCertExpMonitorCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the WSCertExpMonitorCommands group can be used to start or update the certificate expiration monitor.SignerCertificateCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the SignerCertificateCommands group can be used to create and modify signer certificates in relation to the key store file and to query for signer information on ports of remote hosts.CertificateRequestCommands command group of the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the CertificateRequestCommands group can be used to create and manage certificate requests.
Related tasks:


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_securecomm
檔名:txml_securecomm.html