- Instructs GlassFish Server, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate.
enable-secure-admin-principal [--help] --alias aliasname | DN
The enable-secure-admin-principal subcommand instructs GlassFish Server to accept admin requests when accompanied by an SSL certificate with the specified distinguished name (DN). If you use the "--alias aliasname" form, then GlassFish Server looks in its truststore for a certificate with the specified alias and uses the DN associated with that certificate. Otherwise, GlassFish Server records the value you specify as the DN.
You must specify either the --alias option, or the DN.
You can run enable-secure-admin-principal multiple times so that GlassFish Server accepts admin requests from a client sending a certificate with any of the DNs you specify.
When you run enable-secure-admin, GlassFish Server automatically records the DNs for the admin alias and the instance alias, whether you specify those values or use the defaults. You do not need to run enable-secure-admin-principal yourself for those certificates. Other than these certificates, you must run enable-secure-admin-principal for any other DN that GlassFish Server should authorize to send admin requests. This includes DNs corresponding to trusted certificates (those with a certificate chain to a trusted authority.)
Displays the help text for the subcommand.
The alias name of the certificate in the trust store. GlassFish Server looks up certificate in the trust store using that alias and, if found, stores the corresponding DN as being valid for secure administration. Because alias-name must be an alias associated with a certificate currently in the trust store, you may find it most useful for self-signed certificates.
The distinguished name of the certificate, specified as a comma-separated list in quotes. For example, "CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US".
Example 1 Trusting a DN for secure administration
The following example shows how to specify a DN for authorizing access in secure administration.
asadmin> enable-secure-admin-principal "CN=system.amer.oracle.com,OU=GlassFish, O=Oracle Corporation,L=Santa Clara,ST=California,C=US" Command enable-secure-admin-principal executed successfully.
subcommand executed successfully
error in executing the subcommand