WildFly Full 28 Model Reference

  1. home
  2. subsystem=elytron
  3. key-store

A KeyStore definition.

Provided capabilities(1)

Attributes (13)

  • alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • credential-reference The reference to credential stored in CredentialStore under defined alias or clear text password.
    • Attribute Value
    Type OBJECT
    Nillable false
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • loaded-provider Information about the provider that was used for this KeyStore.
    • Attribute Value
    Type OBJECT
    Nillable true
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • modified Indicates if the in-memory representation of the KeyStore has been changed since it was last loaded or stored. Note: For some providers updates may be immediate without further load or store calls.
    • Attribute Value
    Type BOOLEAN
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • path The path to the KeyStore file.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • provider-name The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • providers A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
    • Attribute Value
    Capability reference
    Type STRING
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • relative-to The base path this store is relative to.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • required Is the file required to exist at the time the KeyStore service starts?
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • size The number of entries in the KeyStore.
    • Attribute Value
    Type INT
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
    • Attribute Value
    Type STRING
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
    Allowed Values DOWN
    STARTING
    START_FAILED
    UP
    STOPPING
    REMOVED
  • synchronized The time this KeyStore was last loaded or saved. Note: Some providers may continue to apply updates after the KeyStore was loaded within the application server.
    • Attribute Value
    Type STRING
    Nillable false
    Expressions Allowed false
    Storage runtime
    Access Type read-only
  • type The type of the KeyStore, used when creating the new KeyStore instance.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services

Operations (15)

  • add Add a new KeyStore definition.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias-filter STRING false true A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
    credential-reference OBJECT true false The reference to credential stored in CredentialStore under defined alias or clear text password.
    path STRING false true The path to the KeyStore file.
    relative-to STRING false false The base path this store is relative to.
    required BOOLEAN false true false Is the file required to exist at the time the KeyStore service starts?
    provider-name STRING false true The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
    providers STRING false false A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
    type STRING false true The type of the KeyStore, used when creating the new KeyStore instance.
  • change-alias Move an existing KeyStore entry to a new alias.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the existing KeyStore entry to move.
    new-alias STRING true true The new alias to use.
    credential-reference OBJECT false false The credential reference to be used to access the existing KeyStore entry, if needed.
  • export-certificate Export a certificate from a KeyStore entry to a file.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the KeyStore entry.
    path STRING true true The path to the file to export the certificate to.
    relative-to STRING false false The base path of the export file.
    pem BOOLEAN false true false Specifies whether to export the certificate in printable encoding format. If not specified, the certificate will be exported in binary encoding format.
  • generate-certificate-signing-request Generate a PKCS #10 certificate signing request.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the PrivateKeyEntry to use to generate the certificate signing request.
    signature-algorithm STRING false true The signature algorithm name to use when signing the certificate signing request.
    distinguished-name STRING false true The DN to use in the certificate signing request. If not specified, the DN from the certificate will be used.
    extensions LIST false false The list of X.509 certificate extensions to include in the certificate signing request.
    credential-reference OBJECT false false The credential reference to be used to access the private key.
    path STRING true true The path to the file where the certificate signing request should be stored.
    relative-to STRING false false The base path of the certificate signing request file.
  • generate-key-pair Generate a key pair and wrap the resulting public key in a self-signed X.509 certificate. The generated private key and self-signed certificate will be added to the KeyStore.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias of the new KeyStore entry.
    algorithm STRING false true The algorithm to be used to generate the key pair.
    signature-algorithm STRING false true The signature algorithm name to use when signing the self-signed certificate.
    key-size INT false true The key size to use when generating the key pair.
    distinguished-name STRING true true The DN to use as both the subject DN and the issuer DN.
    not-before STRING false true The starting date and time the self-signed certificate is valid.
    validity LONG false true 90 The number of days for which the self-signed certificate should be considered valid. The default value is 90 days.
    extensions LIST false false The list of X.509 certificate extensions to include in the self-signed certificate.
    credential-reference OBJECT false false The credential reference to be used to protect the generated private key.
  • import-certificate Import a certificate or certificate chain from a file into a KeyStore entry.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the KeyStore entry.
    credential-reference OBJECT false false The credential reference to be used to access the private key.
    path STRING true true The path to the file that contains the certificate or certificate chain to import in binary encoding format or printable encoding format.
    relative-to STRING false false The base path of the certificate file.
    trust-cacerts BOOLEAN false true false Specifies whether certificates from the cacerts file should be included when creating / validating the certificate chain.
    validate BOOLEAN false true true Specifies whether to validate that the top-most certificate is actually trusted when importing a certificate chain or whether to validate the certificate is actually trusted when importing a certificate. The default value is true. When this is set to true and validation fails, the certificate or certificate chain will not be imported into a KeyStore entry.
  • load Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.
  • obtain-certificate Obtain a signed certificate from a certificate authority and store it in a KeyStore entry.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias of the KeyStore entry.
    domain-names LIST true false The list of DNS name(s) to request the certificate for.
    certificate-authority-account STRING true false A reference to the certificate authority account information that should be used to obtain the certificate.
    agree-to-terms-of-service BOOLEAN false true Indicates whether or not the user agrees to the certificate authority's terms of service.
    staging BOOLEAN false true false Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
    algorithm STRING false true RSA The algorithm to be used to generate the key pair. The default value is RSA.
    key-size INT false true 2048 The key size to use when generating the key pair. The default value is 2048.
    credential-reference OBJECT false false The credential reference to be used to protect the generated private key.
  • read-alias Read an alias from a KeyStore.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true false The alias of the KeyStore item to read.
    verbose BOOLEAN false false true Whether or not to include the public key and encoded form of a certificate in the output. The default value is true.
  • read-aliases Read aliases from a KeyStore.
    Request Parameter Type Required Expressions Allowed Default value Description
    recursive BOOLEAN false false false Include information about each alias in the KeyStore. The default value is false.
    verbose BOOLEAN false false true Whether or not to include the public key and encoded form of a certificate in the output. The default value is true.
  • remove Remove the KeyStore definition.
  • remove-alias Remove an alias from a KeyStore.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true false The alias of the KeyStore item to remove.
  • revoke-certificate Revoke a signed certificate.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the KeyStore entry that contains the certificate to be revoked.
    reason STRING false true The reason for revocation.
    certificate-authority-account STRING true false A reference to the certificate authority account information that should be uesd to revoke the certificate.
    staging BOOLEAN false true false Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
  • should-renew-certificate Check if a signed certificate is due for renewal.
    Request Parameter Type Required Expressions Allowed Default value Description
    alias STRING true true The alias that identifies the KeyStore entry that contains the certificate to check.
    expiration LONG false true 30 The number of days to expiry to be checked.
  • store Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.