|
|
|
NAME
create-ssl - creates and configures the SSL element in
the selected HTTP listener, IIOP listener, or IIOP service
SYNOPSIS
create-ssl user admin_user [passwordfile filename] [host host_name] [port port_number] [secure|s] [terse=false] [echo=false] [interactive=true] [help] [target target] type listener_or_service_type certname cert_name [ssl2enabled=false ] [ssl2ciphers ss12ciphers] [ssl3enabled=true ] [tlsenabled=true ] [ssl3tlsciphers ssl3tlsciphers] [tlsrollbackenabled=true] [clientauthenabled=false ] [listener_id]
Creates and configures the SSL element in the selected HTTP listener,
IIOP listener, or IIOP service in order to enable secure communication on
that listener/service.
This command is supported in remote mode only.
If an option has a short option name, then the short option preceeds
the long option name. Short options have one dash whereas long options have
two dashes.
- u user
-
The authorized domain application server administrative username.
- w password
-
The password option is deprecated. Use passwordfile instead.
- passwordfile
-
This option replaces the password option. Using the password option on the command line or through the environment is
deprecated. The passwordfile option specifies the name of a file containing the password entries in a specified format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in capital letters. For example, to specify the
domain application server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD,
AS_ADMIN_USERPASSWORD, AS_ADMIN_SAVEDMASTERPASSWORD, AS_ADMIN_MQPASSWORD, AS_ADMIN_ALIASPASSWORD, and so on.
- H host
-
The machine name where the domain application server is running. The default value is localhost.
- p port
-
The port number of the domain application server listening for administration requests. The default port number for Enterprise Edition is 4849.
- s secure
-
If set to true, uses SSL/TLS to communicate with the domain application server.
- t terse
-
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
- e echo
-
Setting to true will echo the command line statement on the standard output. Default is false.
- I interactive
-
If set to true (default), only the required password options are prompted.
- h help
-
Displays the help text for the command.
- target
-
In Enterprise Edition, specifies the target to which you are
deploying. Valid values are
-
server, the server in which the iiop-service
or listener is to be configured for SSL.
-
config, the configuration that
contains the listener or iiop-service for which SSL is to be configured.
-
cluster, the cluster in which the
listener or iiop-service is to be configured for SSL. All the server instances
in the cluster will get the SSL configuration for the respective listener
or iiop-service.
-
instance, the instance in which
the listener or iiop-service is to be configured for SSL.
-
-
The following optional attribute
name/value pairs are available:
Property | Definition |
type | The type of service or listener for which the SSL is created. The type can
be http-listener, iiop-listener,
or iiop-service. |
certname | The nickname of the server certificate in the certificate database or the
PKCS#11 token. The format of the name in the certificate is tokenname:nickname. For this property, the tokenname: is optional. |
ssl2enabled | Set this property to true to enable SSL2. The default
value is false. If both SSL2 and SSL3 are enabled
for a virtual server, the server tries SSL3 encryption first. In the event
SSL3 encryption fails, the server then tries SSL2 encryption. |
ssl2ciphers | A comma-separated list of the SSL2 ciphers to be used. Use the prefix + to enable or to disable a particular
cipher. Allowed values are: rc4, rc4export, rc2, rc2export, idea, des,
and desede3. If no value is specified, all supported
ciphers are assumed to be enabled. |
ssl3enabled | Set this property to false to disable SSL3. The
default value is true. If both SSL2 and SSL3 are
enabled for a virtual server, the server tries SSL3 encryption first. In the
event SSL3 encryption fails, the server then tries SSL2 encryption. |
tlsenabled | Set this property to false to disable TLS. The
default value is true It is good practice to enable
TLS, which is a more secure version of SSL. |
ssl3tlsciphers | A comma-separated list of the SSL3 and/or TLS ciphers to be used. Use the
prefix + to enable or to disable
a particular cipher. Allowed SSL3 values are rsa_rc4_128_md5, rsa3des_sha, rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, and rsa_null_md5. Allowed TLS values
are rsa_des_56_sha and rsa_rc4_56_sha. If no value is specified, all supported ciphers are assumed
to be enabled. |
tlsrollbackenabled | Set to true (default) to enable TLS rollback. TLS
rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. This
option is only valid in the Enterprise Edition. This option is only valid
when tlsenabled=true. |
clientauthenabled | Set to true if you want SSL3 client authentication
performed on every request independent of ACL-based access control. Default
value is false. |
-
listener_id
-
The ID of the listener for which the SSL element is to be created. The listener_id is not required if the type is iiop-service.
Example 1. Using create-ssl
The following example shows how to create an SSL element for an HTTP
listener named http-listener-1.
asadmin> create-ssl --user admin --host fuyako --port 7070
--passwordfile adminpassword.txt --type http-listener --certname sampleCert http-listener-1
Created SSL in HTTP Listener
- 0
-
command executed successfully
- 1
-
error in executing the command
delete-ssl(1)
J2EE SDK 1.4 | Go To Top | Last Changed 31 Jan 2005 |
Company Info
|
Contact
|
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
|