Use the WLST commands listed in Table 3-14 to view and manage JKS keystore credentials and certificates.
Note: The commands in this section apply to Oracle Infrastructure Web Services only.
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage').
You must use the OPSS keystore commands if the keystore is KSS. You can view the relevant commands using the following command syntax:
svc = getOpssService(name='KeyStoreService')
svc.help()
Table 3-14 JKS Keystore Configuration Commands
Use this command... | To... | Use with WLST... |
---|---|---|
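deleteWSMKeyStoreEntry | Delete a single KeyStore.TrustedCertificateEntry entry from the keystore. | Online |
deleteWSMKeyStoreEntries | Delete all KeyStore.TrustedCertificateEntry entries from the keystore except those identified by the aliases in the exclusion list. | Online |
displayWSMCertificate | Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry. | Online |
exportWSMCertificate | Export a trusted certificate or a certificate chain associated with a private key, indicated by a specified alias, to a specified location. | Online |
importWSMCertificate | Import a trusted certificate or a certificate chain associated with a private key, indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location. | Online |
listWSMKeystoreAliases | List all the aliases in the keystore. | Online |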
deleteWSMKeyStoreEntry
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Delete a single KeyStore.TrustedCertificateEntry entry from the keystore. You cannot delete the KeyStore.PrivateKeyEntry.
Syntax
deleteWSMKeyStoreEntry(alias)
Arguments | Description |
---|---|
alias | Alias of the certificate to be deleted. |
Examples
In this example, the keystore entry with the alias testalias is deleted from the keystore.
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntry('testalias')
Starting Operation deleteWSMKeyStoreEntry ...
Certificate for alias "testalias" successfully deleted.
deleteWSMKeyStoreEntries
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Delete all KeyStore.TrustedCertificateEntry entries from the keystore except those identified by the aliases in the exclusion list. If no argument is passed, all the KeyStore.TrustedCertificateEntry entries are deleted.
Syntax
deleteWSMKeyStoreEntries(exclusionList=None)
Arguments | Description |
---|---|
exclusionList | Optional. List of aliases for the certificates that should not be deleted. |
Examples
In this example, all keystore entries are deleted from the keystore, except for the testalias and testalias2 aliases, which are specified on the exclusion list:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries(['testalias', 'testalias2'])
Starting Operation deleteWSMKeyStoreEntries ...
Certificate(s) deleted successfully.
In this example, all key store entries are deleted from the keystore:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries()
displayWSMCertificate
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry. Displays the certificates in the chain if the alias points to a certificate chain specified by a KeyStore.PrivateKeyEntry.
Syntax
displayWSMCertificate(alias)
Arguments | Description |
---|---|
alias | Alias of the certificate/certificate chain to be displayed. |
Examples
In this example, the contents of the orakey trusted certificate are displayed.
wls:/base_domain/serverConfig>displayWSMCertificate('orakey')
Starting Operation displayWSMCertificate ...
[
  Version: V3
  Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 101336654071087305620295721341875459581727184852017960998615641847764412775989
  046768838406911494435712364431883104460420101263455337490958825568587912620074
  497379158835791101805994438262634259467352941329678718608662643461089403600239
  418798937444529854556507844518713085827283731161032187719240566731105687269
  public exponent: 65537
  Validity: [From: Tue Apr 07 15:04:45 PDT 2009, To: Thu Feb 14 14:04:45 PST 2019]
  Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
  SerialNumber: [ 49dbcdfd]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 69 29 71 5D 97 1C 28 07 F1 5E 6A AA 49 A7 F7 31 i)q]..(..^j.I..1
0010: F2 B6 91 91 A1 7E D3 F9 1A C6 58 38 85 00 BA 49 ..........X8...I
0020: 21 69 E0 06 8D 9F BF 7B C4 8C 83 95 69 4A 49 EB !i..........iJI.
0030: 70 D8 7E A9 75 0D 8C C5 7C 9B 14 AB 93 76 A9 35 p...u........v.5
0040: 56 21 71 77 8D 2A AB 1C CA 81 E0 15 36 4E 81 0A V!qw.*......6N..
0050: 55 8F D4 5E 1C D0 BF 12 A3 44 8E 65 18 D9 4C E6 U..^.....D.e..L.
0060: 4C 5E 14 4A 7F DF CD 51 59 43 02 41 67 B0 EA 3E L^.J...QYC.Ag..>
0070: 58 F4 38 50 3B 2D A3 81 08 8A 84 4C 4B E0 8B 3E X.8P;-.....LK..>
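A check that can be run over text captured from displayWSMCertificate, given here as an added example and not as Oracle's code: it parses the printed fields and flags the properties visible in the orakey output above (SHA-1 signature, 1024-bit RSA key, validity that ended in 2019, subject equal to issuer). The function names, the 2048-bit minimum and the weak-digest list are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample: header fields copied from the displayWSMCertificate('orakey')
# output on this page, with the modulus and signature bytes left out.
SAMPLE = """\
Version: V3
Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
Validity: [From: Tue Apr 07 15:04:45 PDT 2009, To: Thu Feb 14 14:04:45 PST 2019]
Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US
SerialNumber: [ 49dbcdfd]
"""

MIN_RSA_BITS = 2048                    # assumed policy threshold
WEAK_DIGESTS = ("MD2", "MD5", "SHA1")  # assumed list of rejected digests

def _field(pattern, text):
    """Return the first capture group of pattern, or None if absent."""
    m = re.search(pattern, text, re.S)
    return m.group(1).strip() if m else None

def audit_certificate(text, now):
    """Return findings for one certificate dump (wrapped or one-line text)."""
    findings = []
    alg = _field(r"Signature Algorithm:\s*(\w+)", text)
    if alg and alg.upper().startswith(WEAK_DIGESTS):
        findings.append("weak signature algorithm: " + alg)
    bits = _field(r"RSA public key,\s*(\d+) bits", text)
    if bits and int(bits) < MIN_RSA_BITS:
        findings.append("RSA key too short: %s bits" % bits)
    # Validity end looks like "To: Thu Feb 14 14:04:45 PST 2019"; the weekday
    # and zone abbreviation are skipped, so the comparison is zone-naive.
    end = re.search(r"To:\s*\w{3} (\w{3} \d{1,2} [\d:]{8}) \w+ (\d{4})", text)
    if end:
        not_after = datetime.strptime(" ".join(end.groups()), "%b %d %H:%M:%S %Y")
        if not_after < now:
            findings.append("expired on " + not_after.strftime("%Y-%m-%d"))
    subject = _field(r"Subject:\s*(.+?)\s+Signature Algorithm:", text)
    issuer = _field(r"Issuer:\s*(.+?)\s+SerialNumber:", text)
    if subject and subject == issuer:
        findings.append("self-issued (subject equals issuer)")
    return findings

if __name__ == "__main__":
    for finding in audit_certificate(SAMPLE, datetime.now()):
        print(finding)
```

The field patterns rely on the order in which the fields appear in the output above, so they also match when the console text has been captured as a single line.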
exportWSMCertificate
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Export a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The certificate will be exported to the specified location.
If the type argument is Certificate:
- If the alias is pointing to KeyStore.TrustedCertificateEntry, it will return the trusted certificate associated with the entry.
- If the alias is pointing to KeyStore.PrivateKeyEntry, it will return the first certificate in the certificate chain.
- If the alias does not point to either KeyStore.TrustedCertificateEntry or KeyStore.PrivateKeyEntry, it will return an error message.
If the type argument is PKCS7:
- If the alias is pointing to a KeyStore.PrivateKeyEntry, it will return the certificate chain associated with the entry in PKCS7 format.
- If the alias does not point to KeyStore.PrivateKeyEntry, it will return an error message.
If the type argument is set to an invalid value, an error message is returned.
Syntax
exportWSMCertificate(alias, certFile, type)
Arguments | Description |
---|---|
alias | Alias of the certificate to be exported. |
certFile | Location of the file where the exported certificate will be stored. |
type | Type of keystore entry to be exported. Valid values are Certificate and PKCS7. |
Examples
In this example, the trusted certificate testalias is identified by type as Certificate and is exported to the specified certificate.cer file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias','/tmp/certificate.cer','Certificate')
Starting Operation exportWSMCertificate ...
Certificate for alias "testalias" successfully exported.
In this example, the certificate chain testalias2 is identified by type as PKCS7 and is exported to the specified certificatechain.p7b file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias2','/tmp/certificatechain.p7b','PKCS7')
importWSMCertificate
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
Import a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.
Syntax
importWSMCertificate(alias, certFile, type, password=None)
Arguments | Description |
---|---|
alias | Alias of the certificate to be imported. |
certFile | Location of the file from which the Base64 encoded certificate will be imported. |
type | Type of keystore entry to be imported. Valid values are Certificate and PKCS7. |
password | Optional. Password associated with the private key. |
Examples
In this example, the trusted certificate testalias is identified by type as Certificate and is imported from the specified certificate.cer file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificate.cer','Certificate')
Starting Operation importWSMCertificate ...
Certificate for alias "testalias" successfully imported.
In this example, the password-protected certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7',password='privatekeypassword')
In this example, the certificate chain testalias is identified by type as PKCS7 and is imported from the specified certificatechain.p7b file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7')
listWSMKeystoreAliases
Note: This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online
Description
List all the aliases in the keystore.
Syntax
listWSMKeystoreAliases()
Examples
In this example, all the aliases in the keystore are listed.
wls:/base_domain/serverConfig>listWSMKeystoreAliases()
Starting Operation listWSMKeystoreAliases ...
testalias
orakey
testalias2