XML syntax elements for using a secure connection with SSL
This topic lists the syntax elements for using the XML command line client with SSL over a secure HTTPS connection.
Syntax element | Description |
---|---|
-truststore | Use this element to specify the name of the truststore file that contains the server certificates that are required for accepting SSL connections with trusted servers. If no truststore is provided, the XML client will use the default Java cacerts truststore. For z/OS®, you can use a RACF keyring as a truststore. The syntax for the keyring is |
-trustpwd | Use this element to specify the password that is required for accessing the truststore. If the default Java cacerts truststore is used, no trust password needs to be provided. |
-trusttype | Use this element to specify the type of the truststore that is used. The default type is jks. As long as the used truststore is of type jks, you do not have to provide this parameter. For z/OS®: If you use a keyring as the truststore, XML will use |
-keystore | Use this element to specify the name of the keystore file that contains client certificates that are required for establishing an SSL connection with a server that requires client certificate authentication. If no keystore is provided, the XML client will use the default Java cacerts keystore. For z/OS®, you can use a RACF keyring as a keystore. The syntax for the keyring is |
-keypwd | Use this element to specify the password that is required for accessing the keystore. If the default Java cacerts keystore is used, no key password needs to be provided. |
-keytype | Use this element to specify the type of the used keystore. The default type is jks. If the used keystore is of type jks, you do not have to provide this parameter. For z/OS®: If you use a keyring as the keystore, XML will use |
-protocol | Use this element to specify the protocol, for example SSL, SSLv1, SSLv3, or TLS. Note that you can select only protocols that WebSphere® Application Server supports and has enabled. The parameter is evaluated only if the URL of the XMLAccess servlet selects a secure connection with HTTPS. Otherwise, the parameter is ignored. |
Example 1
```
xmlaccess.sh -user wpsadmin -password your_password -url https://portalhost:10035/wps/config/ \
  -in $PortalHome/doc/xml-samples/ExportAllUsers.xml -out result.xml \
  -truststore $WASHome/profiles/wp_profile/etc/trust.p12 \
  -trustpwd WebAS -trusttype PKCS12
```

```
xmlaccess.sh -user wpsadmin -password your_password -url https://portalhost:10035/wps/config/ \
  -in $PortalHome/doc/xml-samples/ExportAllUsers.xml -out result.xml \
  -truststore AppServer_root/etc/trust.p12 \
  -trustpwd WebAS -trusttype PKCS12
```
For this example to run, use the trusttype parameter with a value of PKCS12 to avoid an invalid file format error.
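The type mismatch behind that error can be caught before the client is started. The following shell functions are an added example, not part of the product documentation: they read a store file's leading bytes and print the matching -truststore and -trusttype arguments. The function names and the sample files are constructed for illustration, and the mapping assumes the usual file signatures (a JKS file starts with FE ED FE ED, a PKCS12 file is a DER SEQUENCE starting with 30).

```shell
#!/bin/sh
# Added example: derive the -trusttype value from the store file itself, so a
# PKCS12 file is never opened with the default jks type.
# All function names here are hypothetical helpers, not part of xmlaccess.

# Print the first four bytes of a file as lowercase hex, e.g. "feedfeed".
store_magic() {
    od -An -tx1 -N4 "$1" | tr -d ' \t\n'
}

# Map the leading bytes to the type name that the client expects.
detect_store_type() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    case "$(store_magic "$1")" in
        feedfeed) echo "jks" ;;       # JKS signature
        30*)      echo "PKCS12" ;;    # DER SEQUENCE tag, as used by PKCS12
        *)        echo "unknown"; return 1 ;;
    esac
}

# Print the truststore arguments; -trusttype is omitted for the default jks.
# Paths containing spaces are out of scope for this example.
truststore_args() {
    kind=$(detect_store_type "$1") || {
        echo "cannot determine store type of $1 ($kind)" >&2
        return 1
    }
    if [ "$kind" = "jks" ]; then
        echo "-truststore $1"
    else
        echo "-truststore $1 -trusttype $kind"
    fi
}

# Constructed sample files: only the leading bytes matter for this check.
demo_dir=$(mktemp -d)
printf '\376\355\376\355\000\000\000\002' > "$demo_dir/DummyClientTrustFile.jks"
printf '\060\202\004\000\002\001\003' > "$demo_dir/trust.p12"
truststore_args "$demo_dir/DummyClientTrustFile.jks"
truststore_args "$demo_dir/trust.p12"
rm -rf "$demo_dir"
```

The same check applies to the -keystore and -keytype pair.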
Example 2
```
xmlaccess.sh -user wpsadmin -password your_password -url https://portalhost:10035/wps/config/ \
  -in $PortalHome/doc/xml-samples/ExportAllUsers.xml -out result.xml \
  -truststore $WASHome/profiles/wp_profile/etc/DummyClientTrustFile.jks -trustpwd WebAS
```

```
xmlaccess.sh -user wpsadmin -password your_password -url https://portalhost:10035/wps/config/ \
  -in PortalServer_root/doc/xml-samples/ExportAllUsers.xml -out result.xml \
  -truststore AppServer_root/etc/DummyClientTrustFile.jks -trustpwd WebAS
```
For this example to run, you need to configure the SSL configuration in WebSphere® Application Server using the DummyServerKeyFile.jks and the DummyServerTrustFile.jks for secure connections. The option "require client authentication" must not be active.
Example 3
```
xmlaccess.sh -user wpsadmin -password yourpassword -url https://portalhost:10035/wps/config/ \
  -in $PortalHome/doc/xml-samples/ExportAllUsers.xml -out result.xml \
  -truststore $WASHome/profiles/wp_profile/etc/DummyClientTrustFile.jks -trustpwd WebAS \
  -keystore $WASHome/profiles/wp_profile/etc/DummyClientKeyFile.jks -keypwd WebAS
```

```
xmlaccess.sh -user wpsadmin -password yourpassword -url https://portalhost:10035/wps/config/ \
  -in PortalServer_root/doc/xml-samples/ExportAllUsers.xml \
  -out result.xml \
  -truststore AppServer_root/etc/DummyClientTrustFile.jks -trustpwd WebAS \
  -keystore AppServer_root/etc/DummyClientKeyFile.jks -keypwd WebAS
```
This example allows the XML configuration interface to send a client certificate to the server if the server requests one. Client certificate authentication is required wherever the number of clients that can administer HCL Portal needs to be controlled. Only clients with the correct client certificate will be able to establish a connection with HCL Portal.