Use the WLST commands listed in Table 3-14 to view and manage JKS keystore credentials and certificates.
Note:
The commands in this section apply to Oracle Infrastructure Web Services only.
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').
If the keystore is KSS, you must use the OPSS keystore commands instead. To view the relevant commands, use the following command syntax:
```
svc = getOpssService(name='KeyStoreService')
svc.help()
```
Table 3-14 JKS Keystore Configuration Commands
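| Use this command... | To... | Use with WLST... |
|---|---|---|
| deleteWSMKeyStoreEntry | Delete a single KeyStore.TrustedCertificateEntry entry from the keystore. | Online |
| deleteWSMKeyStoreEntries | Delete all KeyStore.TrustedCertificateEntry entries from the keystore except those identified by the aliases in the exclusion list. | Online |
| displayWSMCertificate | Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry. | Online |
| exportWSMCertificate | Export a trusted certificate or a certificate chain associated with a private key, indicated by a specified alias, to a specified location. | Online |
| importWSMCertificate | Import a trusted certificate or a certificate chain associated with a private key, indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location. | Online |
| listWSMKeystoreAliases | List all the aliases in the keystore. | Online |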
deleteWSMKeyStoreEntry
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Delete a single KeyStore.TrustedCertificateEntry entry from the keystore. You cannot delete a KeyStore.PrivateKeyEntry.
Syntax
deleteWSMKeyStoreEntry(alias)
| Arguments | Description |
|---|---|
| alias | Alias of the certificate to be deleted. |
Examples
In this example, the keystore entry with the alias testalias is deleted from the keystore.
```
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntry('testalias')
Starting Operation deleteWSMKeyStoreEntry ...
Certificate for alias "testalias" successfully deleted.
```
deleteWSMKeyStoreEntries
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Delete all KeyStore.TrustedCertificateEntry entries from the keystore except those identified by the aliases in the exclusion list. If no argument is passed then all the KeyStore.TrustedCertificateEntry entries will be deleted.
Syntax
deleteWSMKeyStoreEntries(exclusionList=None)
| Arguments | Description |
|---|---|
| exclusionList | Optional. List of aliases of the certificates that should not be deleted. |
Examples
In this example, all keystore entries are deleted from the keystore, except for the testalias and testalias2 aliases, which are specified on the exclusion list:
```
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries(['testalias', 'testalias2'])
Starting Operation deleteWSMKeyStoreEntries ...
Certificate(s) deleted successfully.
```
In this example, all keystore entries are deleted from the keystore:
```
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries()
```
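Because deleteWSMKeyStoreEntries removes every trusted certificate whose alias is not on the exclusion list, an alias misspelled in that list would not protect the certificate it was meant to keep. The following is an added example, not Oracle's code: it checks an exclusion list against captured listWSMKeystoreAliases output and emits the export-then-delete commands to paste into WLST. The helper names, the backup directory /tmp/owsm-backup, and the one-alias-per-line listing format are assumptions.

```python
# Added example: check an exclusion list before running deleteWSMKeyStoreEntries.

# Constructed sample: text captured from listWSMKeystoreAliases(),
# assumed to print one alias per line after the "Starting Operation" banner.
SAMPLE_LISTING = """wls:/base_domain/serverConfig> listWSMKeystoreAliases()
Starting Operation listWSMKeystoreAliases ...
testalias
orakey
testalias2
"""


def parse_aliases(listing):
    """Return the aliases found in captured listWSMKeystoreAliases() output."""
    aliases = []
    for line in listing.splitlines():
        line = line.strip()
        if line and not line.startswith(("wls:/", "Starting Operation")):
            aliases.append(line)
    return aliases


def plan_bulk_delete(listing, keep, backup_dir="/tmp/owsm-backup"):
    """Return (aliases_at_risk, wlst_commands) for a checked bulk delete.

    Raises ValueError when `keep` is empty (every trusted certificate would
    be deleted) or names an alias that is not in the keystore (a typo would
    leave the intended certificate unprotected).
    """
    present = parse_aliases(listing)
    if not keep:
        raise ValueError("empty exclusion list: all trusted certificates would be deleted")
    unknown = [a for a in keep if a not in present]
    if unknown:
        raise ValueError("not in keystore: " + ", ".join(unknown))
    # The listing does not show entry types, so this may include private key
    # aliases, which the delete command leaves alone; exporting them is harmless.
    at_risk = [a for a in present if a not in keep]
    commands = ["exportWSMCertificate(%r, %r, 'Certificate')"
                % (a, "%s/%s.cer" % (backup_dir, a)) for a in at_risk]
    commands.append("deleteWSMKeyStoreEntries(%r)" % (list(keep),))
    return at_risk, commands
```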
displayWSMCertificate
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry. Displays the certificates in the chain if the alias points to a certificate chain specified by a KeyStore.PrivateKeyEntry.
Syntax
displayWSMCertificate(alias)
| Arguments | Description |
|---|---|
| alias | Alias of the certificate/certificate chain to be displayed. |
Examples
In this example, the contents of the orakey trusted certificate are displayed.
```
wls:/base_domain/serverConfig> displayWSMCertificate('orakey')
Starting Operation displayWSMCertificate ...
[
Version: V3
Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus:
101336654071087305620295721341875459581727184852017960998615641847764412775989
046768838406911494435712364431883104460420101263455337490958825568587912620074
497379158835791101805994438262634259467352941329678718608662643461089403600239
418798937444529854556507844518713085827283731161032187719240566731105687269
public exponent: 65537
Validity: [From: Tue Apr 07 15:04:45 PDT 2009,
To: Thu Feb 14 14:04:45 PST 2019]
Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
SerialNumber: [ 49dbcdfd]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 29 71 5D 97 1C 28 07 F1 5E 6A AA 49 A7 F7 31 i)q]..(..^j.I..1
0010: F2 B6 91 91 A1 7E D3 F9 1A C6 58 38 85 00 BA 49 ..........X8...I
0020: 21 69 E0 06 8D 9F BF 7B C4 8C 83 95 69 4A 49 EB !i..........iJI.
0030: 70 D8 7E A9 75 0D 8C C5 7C 9B 14 AB 93 76 A9 35 p...u........v.5
0040: 56 21 71 77 8D 2A AB 1C CA 81 E0 15 36 4E 81 0A V!qw.*......6N..
0050: 55 8F D4 5E 1C D0 BF 12 A3 44 8E 65 18 D9 4C E6 U..^.....D.e..L.
0060: 4C 5E 14 4A 7F DF CD 51 59 43 02 41 67 B0 EA 3E L^.J...QYC.Ag..>
0070: 58 F4 38 50 3B 2D A3 81 08 8A 84 4C 4B E0 8B 3E X.8P;-.....LK..>
```
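The signature algorithm, key size, and validity fields in displayWSMCertificate output can be reviewed mechanically when auditing a keystore. The following is an added example, not Oracle's code: it parses captured output in the format shown above and reports findings against a local policy. The function names, the 2048-bit RSA minimum, and the SHA-1/MD5 rule are assumptions, and the sample text is constructed from the fields of the orakey output.

```python
import re
from datetime import datetime

# Constructed sample: the fields of the orakey output shown above, with the
# modulus and the signature dump left out.
SAMPLE_OUTPUT = """[
Version: V3
Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
Validity: [From: Tue Apr 07 15:04:45 PDT 2009,
To: Thu Feb 14 14:04:45 PST 2019]
Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
SerialNumber: [ 49dbcdfd]
]"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def field(text, name):
    """Return the value of a 'Name: value' line, or None if it is absent."""
    m = re.search(r"^%s:\s*(.+)$" % re.escape(name), text, re.M)
    return m.group(1).strip() if m else None


def review_certificate(text, today, min_rsa_bits=2048):
    """Return a list of policy findings for one displayed certificate."""
    findings = []
    alg = field(text, "Signature Algorithm")
    if alg and re.match(r"(MD5|SHA1)with", alg, re.I):
        findings.append("weak signature algorithm: " + alg.split(",")[0])
    key = re.search(r"^Key:.*RSA.*?(\d+) bits", text, re.M)
    if key and int(key.group(1)) < min_rsa_bits:
        findings.append("RSA key below %d bits: %s" % (min_rsa_bits, key.group(1)))
    # Expiry is compared at day granularity; time of day and zone are ignored.
    to = re.search(r"To:\s*\w{3} (\w{3}) (\d{1,2}) [\d:]+ \w+ (\d{4})", text)
    if to:
        expiry = datetime(int(to.group(3)), MONTHS.index(to.group(1)) + 1,
                          int(to.group(2)))
        if expiry < today:
            findings.append("expired on %s" % expiry.date())
    subject, issuer = field(text, "Subject"), field(text, "Issuer")
    if subject and subject == issuer:
        findings.append("self-signed (subject equals issuer)")
    return findings
```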
exportWSMCertificate
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Export a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The certificate will be exported to the specified location.
- If the type argument is Certificate:
  - If the alias is pointing to KeyStore.TrustedCertificateEntry, it will return the trusted certificate associated with the entry.
  - If the alias is pointing to KeyStore.PrivateKeyEntry, it will return the first certificate in the certificate chain.
  - If the alias does not point to either KeyStore.TrustedCertificateEntry or KeyStore.PrivateKeyEntry, it will return an error message.
- If the type argument is PKCS7:
  - If the alias is pointing to a KeyStore.PrivateKeyEntry, it will return the certificate chain associated with the entry in PKCS7 format.
  - If the alias does not point to KeyStore.PrivateKeyEntry, it will return an error message.
- If the type argument is set to an invalid value, an error message is returned.
Syntax
exportWSMCertificate(alias, certFile, type)
| Arguments | Description |
|---|---|
| alias | Alias of the certificate to be exported. |
| certFile | Location of the file where the exported certificate will be stored. |
| type | Type of keystore entry to be exported. Valid values are: |
Examples
In this example, the trusted certificate testalias is identified by type as Certificate and is exported to the specified certificate.cer file:
```
wls:/base_domain/serverConfig> exportWSMCertificate('testalias','/tmp/certificate.cer','Certificate')
Starting Operation exportWSMCertificate ...
Certificate for alias "testalias" successfully exported.
```
In this example, the certificate chain testalias2 is identified by type as PKCS7 and is exported to the specified certificatechain.p7b file:
```
wls:/base_domain/serverConfig> exportWSMCertificate('testalias2','/tmp/certificatechain.p7b','PKCS7')
```
importWSMCertificate
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Import a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.
Syntax
importWSMCertificate(alias, certFile, type, password=None)
| Arguments | Description |
|---|---|
| alias | Alias of the certificate to be imported. |
| certFile | Location of the file from which the Base64 encoded certificate will be imported. |
| type | Type of keystore entry to be imported. Valid values are: |
| password | Optional. Password associated with the private key. |
Examples
In this example, the trusted certificate testalias is identified by type as Certificate and is imported from the specified certificate.cer file:
```
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificate.cer','Certificate')
Starting Operation importWSMCertificate ...
Certificate for alias "testalias" successfully imported.
```
In this example, the password-protected certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:
```
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7',password='privatekeypassword')
```
In this example, the certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:
```
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7')
```
listWSMKeystoreAliases
Note:
This command applies to Oracle Infrastructure Web Services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
List all the aliases in the keystore.
Syntax
listWSMKeystoreAliases()
Examples
In this example, all the aliases in the keystore are listed.
```
wls:/base_domain/serverConfig> listWSMKeystoreAliases()
Starting Operation listWSMKeystoreAliases ...
testalias
orakey
testalias2
```