6 Wallet Configuration WLST Commands

This chapter describes how to configure Oracle wallets using WLST commands.

This chapter contains the following topic:

The WLST Wallet Commands

WLST commands allow you to manage Oracle wallets for Oracle Fusion Middleware components. Table 6-1 lists the available commands.

To obtain help for a command, invoke a command like the following:

help('command_name')

Certain commands require parameters like instance name, ias-component or process type. To obtain such information, invoke commands like the following:

state('serverName') [in WebLogic domain]
nmServerStatus(serverName='name', serverType='type') [in Standalone domain]

Note:

WLST allows you to import certificates only in PEM format.

Table 6-1 WLST Commands for Oracle Wallet Management

| Use this command... | To... | Use with WLST... |
|---|---|---|
| addCertificateRequest | Generate a certificate signing request in an Oracle wallet. | Online |
| addSelfSignedCertificate | Add a self-signed certificate to an Oracle wallet. | Online |
| changeWalletPassword | Change the password to an Oracle wallet. | Online |
| createWallet | Create an Oracle wallet. | Online |
| deleteWallet | Delete an Oracle wallet. | Online |
| exportWallet | Export an Oracle wallet to a file. | Online |
| exportWalletObject | Export an object (for example, a certificate) from an Oracle wallet to a file. | Online |
| getWalletObject | Display a certificate or other object present in an Oracle wallet. | Online |
| importWallet | Import an Oracle wallet from a file. | Online |
| importWalletObject | Import a certificate or other object from a file to an Oracle wallet. | Online |
| listWalletObjects | List all objects (such as certificates) present in an Oracle wallet. | Online |
| listWallets | List all Oracle wallets configured for a component instance. | Online |
| removeWalletObject | Remove a certificate or other object from a component instance's Oracle wallet. | Online |

See Also:

Administering Oracle Fusion Middleware for important instructions on how to launch the WLST shell to run SSL-related commands. Do not launch the WLST interface from any other location.

addCertificateRequest

Online command that generates a certificate signing request in an Oracle wallet.

Description

This command generates a certificate signing request in Base64 encoded PKCS#10 format in an Oracle wallet for a component instance (Oracle HTTP Server). To get a certificate signed by a certificate authority (CA), send the certificate signing request to your CA.

Syntax

addCertificateRequest('instName', 'compName', 'compType', 'walletName', 'password', 'DN', 'keySize')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

DN

Specifies the Distinguished Name of the key pair entry.

keySize

Specifies the key size in bits.

Example

The following command generates a certificate signing request with DN cn=www.acme.com and key size 1024 in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> addCertificateRequest('inst1', 'ohs1', 'ohs','wallet1', 'password', 'cn=www.acme.com', '1024')

addSelfSignedCertificate

Online command that adds a self-signed certificate.

Description

This command creates a key pair and wraps it in a self-signed certificate in an Oracle wallet for the specified component instance (Oracle HTTP Server). Only keys based on the RSA algorithm are generated.

Syntax

addSelfSignedCertificate('instName', 'compName', 'compType', 'walletName', 'password', 'DN', 'keySize')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

DN

Specifies the Distinguished Name of the key pair entry.

keySize

Specifies the key size in bits.

Example

The following command adds a self-signed certificate with DN cn=www.acme.com, key size 1024 to wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> addSelfSignedCertificate('inst1', 'ohs1', 'ohs','wallet1', 'password', 'cn=www.acme.com', '1024')

changeWalletPassword

Online command that changes the password of an Oracle wallet.

Description

This command changes the password of an Oracle wallet for the specified component instance (Oracle HTTP Server). This command is only applicable to password-protected wallets.

Syntax

changeWalletPassword('instName', 'compName', 'compType', 'walletName','currPassword', 'newPassword')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the filename of the wallet.

currPassword

Specifies the current wallet password.

newPassword

Specifies the new wallet password.

Example

The following command changes the password for wallet1 from currpassword to newpassword for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> changeWalletPassword('inst1', 'ohs1', 'ohs','wallet1', 'currpassword', 'newpassword')

createWallet

Online command that creates an Oracle wallet.

Description

This command creates an Oracle wallet for the specified component instance (Oracle HTTP Server). Wallets can be of password-protected or auto-login type.

Syntax

createWallet('instName', 'compName', 'compType', 'walletName', 'password')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file to be created.

password

Specifies the wallet password.

Example

The following command creates a wallet named wallet1 with password password, for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'ohs1', 'ohs','wallet1', 'password')

The following command creates an auto-login wallet named wallet2 for Oracle WebCache instance wc1, in application server instance inst1:

wls:/mydomain/serverConfig> createWallet('inst1', 'wc1', 'webcache','wallet2', '')

deleteWallet

Online command that deletes an Oracle wallet.

Description

This command deletes an Oracle wallet for the specified component instance.

Syntax

deleteWallet('instName', 'compName', 'compType', 'walletName')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file to be deleted.

Example

The following command deletes a wallet named wallet1 for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> deleteWallet('inst1', 'ohs1', 'ohs','wallet1')

exportWallet

Online command that exports an Oracle wallet.

Description

This command exports an Oracle wallet, configured for a specified component instance, to files under the given directory. If the exported wallet is an auto-login only wallet, the file name is cwallet.sso. If it is a password-protected wallet, two files are created: ewallet.p12 and cwallet.sso.

Syntax

exportWallet('instName', 'compName', 'compType', 'walletName','password', 'path')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

path

Specifies the absolute path of the directory under which the object is exported.

Example

The following command exports auto-login wallet wallet1 for Oracle HTTP Server instance ohs1 to file cwallet.sso under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'ohs1', 'ohs', 'wallet1','','/tmp')

The following command exports password-protected wallet wallet2 for Oracle HTTP Server instance ohs1 to two files, ewallet.p12 and cwallet.sso, under /tmp:

wls:/mydomain/serverConfig> exportWallet('inst1', 'ohs1', 'ohs', 'wallet2', 'password', '/tmp')

exportWalletObject

Online command that exports a certificate or other wallet object to a file.

Description

This command exports a certificate signing request, certificate, certificate chain or trusted certificate present in an Oracle wallet to a file for the specified component instance. DN indicates the object to be exported.

Syntax

exportWalletObject('instName', 'compName', 'compType', 'walletName', 'password', 'type', 'path', 'DN')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

type

Specifies the type of wallet object to be exported. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedChain'.

path

Specifies the absolute path of the directory under which the object is exported as a file base64.txt.

DN

Specifies the Distinguished Name of the wallet object being exported.

Example

The following command exports a certificate signing request with DN cn=www.acme.com in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1. The certificate signing request is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'CertificateRequest', '/tmp','cn=www.acme.com')

The following command exports a certificate with DN cn=www.acme.com in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'Certificate', '/tmp','cn=www.acme.com')

The following command exports a trusted certificate with DN cn=www.acme.com in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1. The trusted certificate is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedCertificate', '/tmp','cn=www.acme.com')

The following command exports a certificate chain with DN cn=www.acme.com in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1. The certificate or certificate chain is exported under the directory /tmp:

wls:/mydomain/serverConfig> exportWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedChain', '/tmp','cn=www.acme.com')

getWalletObject

Online command that displays information about a certificate or other object in an Oracle wallet.

Description

This command displays a specific certificate signing request, certificate or trusted certificate present in an Oracle wallet for the specified component instance. The wallet object is indicated by its index number, as given by the listWalletObjects command. For certificates or trusted certificates, it shows the certificate details including DN, key size, algorithm and other data. For certificate signing requests, it shows the subject DN, key size and algorithm.

Syntax

getWalletObject('instName', 'compName', 'compType', 'walletName', 'password', 'type', 'index')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

type

Specifies the type of wallet object to be displayed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.

index

Specifies the index number of the wallet object as returned by the listWalletObjects command.

Example

The following command shows certificate signing request details for the object with index 0 present in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'ohs1', 'ohs','wallet1','password', 'CertificateRequest', '0')

The following command shows certificate details for the object with index 0 present in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'ohs1', 'ohs','wallet1','password', 'Certificate', '0')

The following command shows trusted certificate details for the object with index 0, present in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> getWalletObject('inst1', 'ohs1', 'ohs','wallet1','password', 'TrustedCertificate', '0')

importWallet

Online command that imports an Oracle wallet from a file.

Description

This command imports an Oracle wallet from a file to the specified component instance for manageability. If the wallet being imported is an auto-login wallet, the file path must point to cwallet.sso; if the wallet is password-protected, it must point to ewallet.p12. The wallet name must be unique for the component instance.

Syntax

importWallet('instName', 'compName', 'compType', 'walletName', 'password', 'filePath')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet being imported. The name must be unique for the component instance.

password

Specifies the password of the wallet.

filePath

Specifies the absolute path of the wallet file being imported.

Example

The following command imports the auto-login wallet file /tmp/cwallet.sso as wallet1 into Oracle HTTP Server instance ohs1. Subsequently, the wallet is managed with the name wallet1. No password is passed since it is an auto-login wallet:

wls:/mydomain/serverConfig> importWallet('inst1', 'ohs1', 'ohs', 'wallet1', '', '/tmp/cwallet.sso')

The following command imports password-protected wallet /tmp/ewallet.p12 as wallet2 into Oracle HTTP Server instance ohs1. Subsequently, the wallet is managed with the name wallet2. The wallet password is passed as a parameter:

wls:/mydomain/serverConfig> importWallet('inst1', 'ohs1', 'ohs', 'wallet2', 'password', '/tmp/ewallet.p12')

importWalletObject

Online command that imports a certificate or other object into an Oracle wallet.

Description

This command imports a certificate, trusted certificate or certificate chain into an Oracle wallet for the specified component instance. When importing a certificate, use the same wallet file from which the certificate signing request was generated.

Syntax

importWalletObject('instName', 'compName', 'compType', 'walletName', 'password', 'type', 'filePath')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

type

Specifies the type of wallet object to be imported. Valid values are 'Certificate', 'TrustedCertificate' and 'TrustedChain'.

filePath

Specifies the absolute path of the file containing the wallet object.

Example

The following command imports a certificate chain in PKCS#7 format from file chain.txt into wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedChain','/tmp/chain.txt')

The following command imports a certificate from file cert.txt into wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'Certificate','/tmp/cert.txt')

The following command imports a trusted certificate from file trust.txt into wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> importWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedCertificate','/tmp/trust.txt')
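
A pre-flight check for the PEM-only import restriction and the importWalletObject type values described above, as an added example that is not part of Oracle's documentation. It runs in ordinary Python outside WLST; the function names, the label-to-type mapping, and the one-object-per-file rule are assumptions of this example, and the sample inputs are constructed.

```python
import base64
import re

# PEM label -> importWalletObject 'type' values listed on this page.
# The mapping is an assumption of this example, not Oracle's.
LABEL_TO_TYPES = {
    "CERTIFICATE": ("Certificate", "TrustedCertificate"),
    "PKCS7": ("TrustedChain",),
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
SAMPLE_DER = b"\x30\x03\x02\x01\x01"  # constructed: SEQUENCE { INTEGER 1 }


def armor(label, der):
    """Build a constructed PEM sample (placeholder DER, not a real cert)."""
    b64 = base64.b64encode(der).decode("ascii")
    pem = "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)
    return pem.encode("ascii")


def preflight(data):
    """Return (ok, candidate_types, reason) for the bytes of a file."""
    if not data.strip():
        return (False, (), "file is empty")
    # Raw DER starts with an ASN.1 SEQUENCE tag (0x30) and has no armor.
    if data[:1] == b"\x30" and b"-----BEGIN" not in data:
        return (False, (), "binary DER, convert to PEM first")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return (False, (), "not ASCII, so not PEM")
    blocks = PEM_BLOCK.findall(text)
    # One object per file is a conservative choice of this example.
    if len(blocks) != 1:
        return (False, (), "expected exactly one PEM block")
    label, body = blocks[0]
    if "PRIVATE KEY" in label:
        return (False, (), "private key material, keep it out of imports")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return (False, (), "PEM body is not valid Base64")
    # Only the outer tag is checked; the ASN.1 is not parsed further.
    if der[:1] != b"\x30":
        return (False, (), "PEM body is not an ASN.1 SEQUENCE")
    if label not in LABEL_TO_TYPES:
        return (False, (), "PEM type %r has no import type" % label)
    return (True, LABEL_TO_TYPES[label], "ok")


if __name__ == "__main__":
    samples = [("cert.txt", armor("CERTIFICATE", SAMPLE_DER)),
               ("chain.txt", armor("PKCS7", SAMPLE_DER)),
               ("cert.der", SAMPLE_DER),
               ("csr.txt", armor("CERTIFICATE REQUEST", SAMPLE_DER)),
               ("key.pem", armor("RSA PRIVATE KEY", SAMPLE_DER))]
    for name, blob in samples:
        print(name, preflight(blob))
```

A file that passes still has to be imported with the type that matches its role: a CERTIFICATE block can be either the wallet's own certificate or a trusted certificate, and the check cannot tell which.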

listWalletObjects

Online command that lists all objects in an Oracle wallet.

Description

This command lists all certificate signing requests, certificates, or trusted certificates present in an Oracle wallet for the specified component instance.

Syntax

listWalletObjects('instName', 'compName', 'compType', 'walletName', 'password', 'type')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

type

Specifies the type of wallet object to be listed. Valid values are 'CertificateRequest', 'Certificate', and 'TrustedCertificate'.

Example

The following command lists all certificate signing requests in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'ohs1', 'ohs','wallet1','password', 'CertificateRequest')

The following command lists all certificates in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'ohs1', 'ohs','wallet1','password', 'Certificate')

The following command lists all trusted certificates in wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> listWalletObjects('inst1', 'ohs1', 'ohs','wallet1','password', 'TrustedCertificate')

listWallets

Online command that lists all wallets configured for a component instance.

Description

This command displays all the wallets configured for the specified component instance, and identifies the auto-login wallets.

Syntax

listWallets('instName', 'compName', 'compType')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

Example

The following command lists all wallets for Oracle HTTP Server instance ohs1 in application server instance inst1:

wls:/mydomain/serverConfig> listWallets('inst1', 'ohs1', 'ohs')

removeWalletObject

Online command that removes a certificate or other object from an Oracle wallet.

Description

This command removes a certificate signing request, certificate, trusted certificate or all trusted certificates from an Oracle wallet for the specified component instance. DN is used to indicate the object to be removed.

Syntax

removeWalletObject('instName', 'compName', 'compType', 'walletName', 'password', 'type', 'DN')
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid value is 'ohs'.

walletName

Specifies the name of the wallet file.

password

Specifies the password of the wallet.

type

Specifies the type of the wallet object to be removed. Valid values are 'CertificateRequest', 'Certificate', 'TrustedCertificate' or 'TrustedAll'.

DN

Specifies the Distinguished Name of the wallet object to be removed.

Example

The following command removes all trusted certificates from wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1. It is not necessary to provide a DN, so you pass null (denoted by None) for the DN parameter:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedAll',None)

The following command removes a certificate signing request indicated by DN cn=www.acme.com from wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'CertificateRequest','cn=www.acme.com')

The following command removes a certificate indicated by DN cn=www.acme.com from wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'Certificate','cn=www.acme.com')

The following command removes a trusted certificate indicated by DN cn=www.acme.com from wallet1, for Oracle HTTP Server instance ohs1, in application server instance inst1:

wls:/mydomain/serverConfig> removeWalletObject('inst1', 'ohs1', 'ohs','wallet1', 'password', 'TrustedCertificate','cn=www.acme.com')