|
|
|
NAME
| create-ssl - Creates the SSL element in the HTTP listener,IIOP listener, or IIOP Service |
SYNOPSIS
| create-ssl --user admin_user [ --password admin_password ] [ --host localhost ] [ --port 4848 ] [ --secure|-s ] [ --passwordfile filename ] [ --terse=false ] [ --echo=false ] [ --interactive=true ] --type [ http-listener|iiop-listener|iiop-service ] --certname cert_name [ --ssl2enabled=false ] [ --ssl2ciphers ssl_2_ciphers ] [ --ssl3enabled=true ] [ --ssl3tlsciphers ssl3_tls_ciphers ] [ --tlsenabled=true ] [ --tlsrollbackenabled=true ] [ --clientauthenabled=false ] [ listener_id ] |
|
Creates the ssl element from the HTTP listener, IIOP listener, or IIOP service. The listener_id is not required if the --type option is iiop-service.
This command is supported in remote mode only.
|
|
- --user
- authorized domain application server administrative username.
- --password
- password to administer the domain application server.
- --host
- machine name where the domain application server is running.
- --port
- port number of the domain application server listening for administration requests.
- --secure
- if true, uses SSL/TLS to communicate with the domain application server.
- --passwordfile
- file containing the domain application server password.
- --terse
- indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
- --echo
- setting to true will echo the command line statement on the standard output. Default is false.
- --interactive
- if set to true (default), only the required password options are prompted.
- --type
- type of service or listener that the SSL is created for. The type can be: http-listener, iiop-listener, and iiop-service.
- --certname
- nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part in this attribute is optional.
- --ssl2enabled
- determines whether SSL2 is enabled.
- --ssl2ciphers
- a comma separated list of the SSL2 ciphers used. Use the prefix + to enable or -- to disable. Allowed values are: rc4, rc4export, rc2, rc2export, idea, des, desede3. If no value is specified, all supported ciphers are assumed to be enabled.
- --ssl3enabled
- determines whether SSL3 is enabled.
- --ssl3ciphers
- a comma separated list of the SSL3 ciphers used. Use the prefix + to enable or -- to disable. Allowed values are: rsa_rc4_128_md5, rsa3des_sha, rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TSL values are: rsa_des_56_sha, rsa_rc4_56_sha. If no value is specified, all supported ciphers are assumed to be enabled.
- --tlsenabled
- determines whether TLS is enabled.
- --tlsrollbackenabled
- determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5.
- --clientauthenabled
- determines whether SSL3 client authentication is performed on every request independent of ACL-based access control.
|
|
-
listener_ID
- the ID of the listener or service that the SSL is created for. This operand is not required if the --type option is iiop-service.
|
| Example 1. Using create-ssl
|
|
asadmin> create-ssl --user admin --password adminadmin
--host fuyako --port 7070 --type http-listener --certname sampleCert
--ssl2enabled=true --ssl2ciphers rc4,rc2,des --ssl3enabled=false
--ssl3tlscipers rsa_rc4_128_md5,rsa3des_sha,rsa_des_sha, rsa_rc4_40_md5
--tlsenabled=false --tlsrollbackenabled=false --clientauthenabled=false http-listener-1
Created SSL in HTTP Listener
|
Where: SSL is created for http-listener-1.
|
|
|
- 0
- command executed successfully
- 1
- error in executing the command
|
Company Info
|
Contact
|
Copyright 2003 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
|