Reputation: 21
I want to edit the SSL configurations for all of my aliases. I have found some resources on how to do this, and my code so far is:
$AdminTask modifySSLConfig {-alias NodeDefaultSSLSettings -sslProtocol TLSv1.2}
$AdminConfig save
I want to be able to do this for all of the aliases that can be found on my server, but I don't know how.
Any ideas or leads on how to do this will help. Thank you.
Edit:
I am now able to find all of the SSL configs by using this code:
$AdminTask listSSLConfigs {-scopeName (cell):Node01Cell:(node):Node01}
My next problem is, how would I be able to extract the alias string from there? I would only need the alias so that I can put it in another variable and then just use a foreach loop for this:
$AdminTask modifySSLConfig {-alias ${aliasvariablegoeshere} -sslProtocol TLSv1.2}
EDIT :
set hold [list [$AdminTask listSSLConfigs {-scopeName (cell):Node01Cell:(node):Node01}]]
foreach aliasList [$AdminConfig show $hold] {
    foreach aliasName [$AdminConfig show $aliasList] {
        set testTrim "alias "
        set test5 [string trimleft $aliasName $testTrim]
        $AdminTask modifySSLConfig {-alias ${test5} -sslProtocol TLSv1.2}
    }
}
$AdminConfig save
I have done this and was able to extract just the alias name and was able to put it on the variable like I wanted, but it gives me an invalid parameter error. Any ideas why this is happening and how would I be able to resolve this?
Upvotes: 1
Views: 574
Reputation: 21
I was able to figure it out for Jython:
import sys
import os
import string
import re
# Run with: $HOME/IBM/WebSphere/AppServer/bin/wsadmin.sh -lang jython -f $HOME/tls12.py
# Updates WebSphere security to TLSv1.2
AdminTask.convertCertForSecurityStandard('[-fipsLevel SP800-131 -signatureAlgorithm SHA256withRSA -keySize 2048 ]')
AdminConfig.save()
AdminNodeManagement.syncActiveNodes()
# Each listing line is split on spaces: element 1 is the alias, element 3 the scope
sslConfigList=AdminTask.listSSLConfigs('[-all true]').splitlines()
for sslConfig in sslConfigList:
    sslElems=sslConfig.split(" ")
    AdminTask.modifySSLConfig(['-alias',sslElems[1],'-scopeName',sslElems[3],'-sslProtocol', 'TLSv1.2', '-securityLevel', 'HIGH' ])
AdminConfig.save()
AdminNodeManagement.syncActiveNodes()
After that you should also update all your ssl.client.props files with:
com.ibm.ssl.protocol=TLSv1.2
Restart your deployment manager and force manual syncNode on all nodes, for example:
~/IBM/WebSphere/AppServer/profiles/*/bin/syncNode.sh <DeploymentManagerHost> <dmgr port=8879> -username <username> -password <password>
Upvotes: 0
Reputation: 21
I have managed to make it work. It seems like whatever I do, I can't make the alias that I got a valid parameter, so I built the whole thing as a string command instead. Here is my code.
foreach aliasList [$AdminConfig list SSLConfig] {
    foreach aliasName [$AdminConfig show $aliasList alias] {
        # aliasName is "alias <name>"; take the second word. string trimleft
        # strips a set of characters and can also eat the start of the name.
        set strFinal [lindex $aliasName 1]
        # Double quotes let Tcl substitute $strFinal before AdminTask sees it
        set command "-alias $strFinal -sslProtocol TLSv1.2"
        $AdminTask modifySSLConfig $command
        puts saved
    }
}
$AdminConfig save
Upvotes: 0
Reputation: 18030
You can list all the SSL configs using:
AdminTask.listSSLConfigs('[-all true]')
For JACL, use:
$AdminTask listSSLConfigs {-all true}
and then iterate over the list and change whatever you need.
Instead of -all you can provide a scope, for example: -scopeName (cell):localhostNode01Cell:(node):localhostNode01
For details about SSLConfig commands, check the SSLConfigCommands command group for the AdminTask object.
UPDATE:
In general this should work:
foreach aliasList [$AdminTask listSSLConfigs {-scopeName (cell):PCCell1:(node):Node1}] {
    puts $aliasList
    set splitList [split $aliasList " "]
    puts $splitList
    set aliasname [lindex $splitList 1]
    puts $aliasname
    $AdminTask modifySSLConfig { -alias $aliasname -sslProtocol TLSv1.2 }
}
but I cannot make $AdminTask correctly resolve the $aliasname param...
I strongly suggest you switch to Jython. ;-)
Upvotes: 1
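Why the brace-quoted calls in the question and in the answer above are rejected, as an added example that is not part of any post in the thread: Tcl performs no variable substitution inside braces, so AdminTask is handed the literal text $aliasname, whereas a double-quoted string or [list ...] substitutes the value first. stubAdminTask and the sample listing are constructed stand-ins (assumed layout: word 1 is the alias, word 3 the scope) so that the script runs in plain tclsh.

```tcl
# Stub standing in for wsadmin's $AdminTask (hypothetical helper, not an IBM API);
# it records the option string each call receives.
set received {}
proc stubAdminTask {subcommand options} {
    global received
    lappend received $options
}
set AdminTask stubAdminTask

# Constructed sample listing; assumed layout: word 1 = alias, word 3 = scope.
set listing "alias: NodeDefaultSSLSettings managementScope: (cell):Node01Cell:(node):Node01\nalias: CustomSSL managementScope: (cell):Node01Cell"

foreach line [split $listing "\n"] {
    set fields [split [string trim $line] " "]
    if {[llength $fields] < 4} { continue }   ;# skip blank or malformed lines
    set aliasname [lindex $fields 1]
    set scope     [lindex $fields 3]

    # Braces: no substitution, so the option string still contains "$aliasname".
    $AdminTask modifySSLConfig {-alias $aliasname -sslProtocol TLSv1.2}

    # [list ...]: values are substituted first, then joined as list elements.
    $AdminTask modifySSLConfig [list -alias $aliasname -scopeName $scope -sslProtocol TLSv1.2]
}

# Show exactly what each call was given.
foreach options $received { puts $options }
```

In wsadmin, drop the stub and the brace-quoted call, take the listing from `$AdminTask listSSLConfigs {-all true}`, and finish with `$AdminConfig save`.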