Policy Store objects change via automation instead of AdminUI GUI
Article ID: 383050

Products

SITEMINDER

Issue/Introduction


When running the AdminUI, how can the following tasks be automated, so that they don't have to be done manually in the AdminUI?

  1. Replacing the SAML digital signature certificate for two SAML authentication schemes (we act as the SP); it changes every year;
  2. Replacing the SP encryption certificate used to encrypt SAML assertions; it changes every year;
  3. Importing SSL certificates into the SiteMinder certificate store; they change every year;
  4. Updating policy domains, which changes quite often;
  5. Updating the SSL certificates of the JBoss instance hosting the Web Agent Option Pack.

Resolution

For items 1, 2, and 4, use the REST API to manage the certificates and to update the Policy Domains (1)(2)(3).

For item 3, use the certutil command to manage the cert8.db; certutil can be run from a script to automate the maintenance of the certificates (4).

Here's where the certutil command can be found on a Linux Policy Server:

# which certutil
/{home_policy_server}/bin/certutil

The certutil command accepts the -help option, which lists every command available to manage the certificates in the cert8.db:

# certutil -help

certutil - Utility to manipulate NSS certificate databases

Usage:  certutil <command> -d <database-directory> <options>

Valid commands:
-A              Add a certificate to the database        (create if needed)
-B              Run a series of certutil commands from a batch file
-E              Add an Email certificate to the database (create if needed)
-C              Create a new binary certificate from a BINARY cert request
-G              Generate a new key pair
-D              Delete a certificate from the database
--rename        Change the database nickname of a certificate
-F              Delete a key and associated certificate from the database
-U              List all modules
-K              List all private keys
-L              List all certs, or print out a single named cert (or a subset)
--build-flags   Print enabled build flags relevant for NSS test execution
-M              Modify trust attributes of certificate
-N              Create a new certificate database
-T              Reset the Key database or token
-O              Print the chain of a certificate
-R              Generate a certificate request (stdout)
-V              Validate a certificate
-W              Change the key database password
--upgrade-merge Upgrade an old database and merge it into a new one
--merge         Merge source database into the target database
-S              Make a certificate and add to database

certutil -H <command> : Print available options for the given command
certutil -H : Print complete help output of all commands and options
certutil --syntax : Print a short summary of all commands and options
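As an added example of scripting item 3 (this script is not from the article or from the SiteMinder product), the following shell script wraps the certutil steps needed to rotate one certificate in cert8.db: it checks whether the nickname already exists, deletes the old entry, imports the renewed PEM file under the same nickname and validates the result with certutil -V. The certutil path, the store directory, the nickname and the default trust/usage letters are assumptions to adjust to the installation.

```shell
#!/bin/sh
# rotate_nss_cert.sh: replace a renewed certificate in the SiteMinder NSS store
# using the certutil shipped with the Policy Server. The two paths below are
# placeholders (assumptions); set CERTUTIL and NSS_DB_DIR for your installation.
set -eu

CERTUTIL="${CERTUTIL:-/{home_policy_server}/bin/certutil}"   # see 'which certutil'
NSS_DB_DIR="${NSS_DB_DIR:-/{home_policy_server}/config/nss}"  # directory holding cert8.db (placeholder)

# Succeed when a certificate with this nickname is already in the store.
cert_present() {
    "$CERTUTIL" -L -d "$NSS_DB_DIR" -n "$1" >/dev/null 2>&1
}

# Print the "Not After" date of a stored certificate, e.g. for a cron job that
# decides whether the yearly rotation is due.
cert_not_after() {
    "$CERTUTIL" -L -d "$NSS_DB_DIR" -n "$1" | sed -n 's/^ *Not After *: *//p'
}

# rotate_cert <nickname> <cert.pem> [trust-flags] [usage-letter]
# Deletes the old entry (if any), imports the new file under the same nickname
# and verifies it with certutil -V. The defaults suit a CA certificate trusted
# for SSL ("CT,," and usage L = SSL CA); for a server certificate use "P,," and
# usage V (SSL server).
rotate_cert() {
    nickname="$1"; cert_file="$2"; trust="${3:-CT,,}"; usage="${4:-L}"
    if [ ! -r "$cert_file" ]; then
        echo "rotate_cert: cannot read $cert_file" >&2
        return 1
    fi
    if cert_present "$nickname"; then
        "$CERTUTIL" -D -d "$NSS_DB_DIR" -n "$nickname"
    fi
    "$CERTUTIL" -A -d "$NSS_DB_DIR" -n "$nickname" -t "$trust" -i "$cert_file"
    # A certificate that does not validate fails here and, under set -e, stops the script.
    "$CERTUTIL" -V -d "$NSS_DB_DIR" -n "$nickname" -u "$usage"
}

# Run from cron or a deployment job:
#   ./rotate_nss_cert.sh <nickname> <cert.pem> [trust-flags] [usage-letter]
if [ "$#" -ge 2 ]; then
    rotate_cert "$@"
fi
```

Restart the Policy Server afterwards if its documentation requires it for the new certificate to be picked up; the script only updates the store.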

Item 5 is outside the product: the Web Agent Option Pack doesn't manage the certificates.

Let's Encrypt might be a possible solution for maintaining the certificates used by the JBoss instance on which the Web Agent Option Pack runs (5).

Additional Information