Name | Synopsis | Description | Options | Operands | Examples | Exit Status | See Also
create-ssl [--terse={true|false}] [--echo={true|false}] [--interactive={true|false}] [--host host] [--port port] [--secure | -s] [--user admin_user] [--passwordfile filename] [--help] [--target target] --type listener_or_service_type --certname cert_name [--ssl2enabled=false] [--ssl2ciphers ssl2ciphers] [--ssl3enabled=true] [--tlsenabled=true] [--ssl3tlsciphers ssl3tlsciphers] [--tlsrollbackenabled=true] [--clientauthenabled=false] [listener_id]
Creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service to enable secure communication on that listener/service.
This command is supported in remote mode only.
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
--terse
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
--echo
If set to true, the command-line statement is echoed on the standard output. Default is false.
--interactive
If set to true (default), only the required password options are prompted.
--host
The machine name where the domain administration server is running. The default value is localhost.
--port
The HTTP port or HTTPS port for administration. This port is the port in the URL that you specify in your web browser to manage the domain, for example, http://localhost:4848.
The default port number for administration is 4848.
-s --secure
If set to true, uses SSL/TLS to communicate with the domain administration server.
The default is false.
--user
The user name of the authorized administrative user of the domain administration server.
If you have authenticated to a domain by using the asadmin login command, you need not specify the --user option for subsequent operations on the domain.
--passwordfile
Specifies the name, including the full path, of a file that contains the password entries in a specific format.
The entry for a password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters. For example, to specify the password for the domain administration server, use an entry with the following format:
AS_ADMIN_PASSWORD=password
In this example, password is the actual administrator password.
The following other passwords can also be specified:
AS_ADMIN_MAPPEDPASSWORD
AS_ADMIN_USERPASSWORD
AS_ADMIN_ALIASPASSWORD
All remote commands must specify the administration password to authenticate to the domain administration server. The password can be specified by one of the following means:
Through the --passwordfile option
Through the asadmin login command
Interactively at the command prompt
The asadmin login command can be used only to specify the administration password. For other passwords that remote commands require, use the --passwordfile option or specify them at the command prompt.
After authenticating to a domain by using the asadmin login command, you need not specify the administration password through the --passwordfile option for subsequent operations on the domain. However, only the AS_ADMIN_PASSWORD option is not required. You still must provide the other passwords, for example, AS_ADMIN_USERPASSWORD, when required by individual commands, such as update-file-user.
For security reasons, a password that is specified as an environment variable is not read by the asadmin command.
The default value for AS_ADMIN_MASTERPASSWORD is changeit.
--help
Displays the help text for the command.
--target
Do not specify this option. This option is retained for compatibility with other releases. If you specify this option, a syntax error does not occur. Instead, the command runs successfully and the option is silently ignored.
--type
The type of service or listener for which the SSL is created. The type can be:
http-listener
iiop-listener
iiop-service
When the type is iiop-service, the ssl-client-config along with the embedded ssl element is created in domain.xml.
--certname
The nickname of the server certificate in the certificate database or the PKCS#11 token. The format of the name in the certificate is tokenname:nickname. For this property, the tokenname: is optional.
--ssl2enabled
Set this property to true to enable SSL2. The default value is false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. In the event SSL3 encryption fails, the server then tries SSL2 encryption.
--ssl2ciphers
A comma-separated list of the SSL2 ciphers to be used. Use the prefix + to enable or - to disable a particular cipher. Allowed values are:
rc4
rc4export
rc2
rc2export
idea
des
desede3
If no value is specified, all supported ciphers are assumed to be enabled.
--ssl3enabled
Set this property to false to disable SSL3. The default value is true. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. In the event SSL3 encryption fails, the server then tries SSL2 encryption.
--tlsenabled
Set this property to false to disable TLS. The default value is true. It is good practice to enable TLS, which is a more secure version of SSL.
--ssl3tlsciphers
A comma-separated list of the SSL3 and/or TLS ciphers to be used. Use the prefix + to enable or - to disable a particular cipher. Allowed values are:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_NULL_SHA
If no value is specified, all supported ciphers are assumed to be enabled.
--tlsrollbackenabled
Set to true (default) to enable TLS rollback. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. This option is only valid when --tlsenabled=true.
--clientauthenabled
Set to true if you want SSL3 client authentication performed on every request independent of ACL-based access control. Default value is false.
listener_id
The ID of the HTTP or IIOP listener for which the SSL element is to be created. The listener_id is not required if the --type is iiop-service.
The following example shows how to create an SSL element for an HTTP listener named http-listener-1.
asadmin> create-ssl --user admin --host fuyako --port 7070 --passwordfile adminpassword.txt --type http-listener --certname sampleCert http-listener-1
Command create-ssl executed successfully.
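When --ssl3tlsciphers is omitted, all supported ciphers are assumed enabled, and the allowed values listed for that option include NULL and export suites. As an added example (not part of the original manual page), the script below builds an explicit --ssl3tlsciphers value from the seven listed suites and prints a create-ssl command that reuses the host, certificate and listener names from the example above; the weak-suite policy in cipher_prefix is an assumption of this example.

```shell
#!/bin/sh
# Added example: derive an explicit --ssl3tlsciphers value from the suites
# listed on this page and print (not run) the matching create-ssl command.

# Cipher suites exactly as listed under --ssl3tlsciphers on this page.
PAGE_CIPHERS="SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_NULL_SHA"

# Policy (assumption of this example): disable NULL (no encryption),
# EXPORT (40-bit keys), single DES (56-bit keys) and RC4 suites.
cipher_prefix() {
    case "$1" in
        *_NULL_*|*_EXPORT_*|*_WITH_DES_*|*_RC4_*) printf '%s' "-" ;;
        *) printf '%s' "+" ;;
    esac
}

# Build the comma-separated list, each suite prefixed with + or -.
build_cipher_arg() {
    out=""
    for c in $PAGE_CIPHERS; do
        out="${out:+$out,}$(cipher_prefix "$c")$c"
    done
    printf '%s\n' "$out"
}

# The = form keeps a value that begins with "-" attached to its option.
# SSL2 and SSL3 are switched off explicitly; TLS stays enabled.
print_create_ssl() {
    printf '%s %s %s %s %s\n' \
        "asadmin create-ssl --user admin --host fuyako --port 7070" \
        "--passwordfile adminpassword.txt" \
        "--type http-listener --certname sampleCert" \
        "--ssl2enabled=false --ssl3enabled=false --tlsenabled=true" \
        "--ssl3tlsciphers=$(build_cipher_arg) http-listener-1"
}

print_create_ssl
```

Under this policy only SSL_RSA_WITH_3DES_EDE_CBC_SHA remains enabled from the page's list.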