NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPTIONAL ATTRIBUTES | OPERANDS | EXAMPLES | EXIT STATUS | SEE ALSO
Creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service to enable secure communication on that listener/service.
This command is supported in remote mode only.
If an option has a short option name, then the short option preceeds the long option name. Short options have one dash whereas long options have two dashes.
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
Setting to true will echo the command line statement on the standard output. Default is false.
If set to true (default), only the required password options are prompted.
The machine name where the domain administration server is running. The default value is localhost.
The HTTP/S port for administration. This is the port to which you should point your browser in order to manage the domain. For example, http://localhost:4848.
The default port number for Platform Edition is 4848. The default port number for Enterprise Edition is 4849.
If set to true, uses SSL/TLS to communicate with the domain administration server.
The authorized domain administration server administrative username.
If you have authenticated to a domain using the asadmin login command, then you need not specify the --user option on subsequent operations to this particular domain.
The ––passwordfile option specifies the name of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.
For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, and AS_ADMIN_ALIASPASSWORD.
All remote commands must specify the admin password to authenticate to the domain administration server, either through ––passwordfile or asadmin login, or interactively on the command prompt. The asadmin login command can be used only to specify the admin password. For other passwords, that must be specified for remote commands, use the ––passwordfile or enter them at the command prompt.
If you have authenticated to a domain using the asadmin login command, then you need not specify the admin password through the ––passwordfile option on subsequent operations to this particular domain. However, this is applicable only to AS_ADMIN_PASSWORD option. You will still need to provide the other passwords, for example, AS_ADMIN_USERPASSWORD, as and when required by individual commands, such as update-file-user.
For security reasons, passwords specified as an environment variable will not be read by asadmin.
Displays the help text for the command.
In Enterprise Edition, specifies the target on which you are configuring the ssl element. The following values are valid:
server, the server in which the iiop-service or HTTP/IIOP listener is to be configured for SSL.
config, the configuration that contains the HTTP/IIOP listener or iiop-service for which SSL is to be configured.
cluster, the cluster in which the HTTP/IIOP listener or iiop-service is to be configured for SSL. All the server instances in the cluster will get the SSL configuration for the respective listener or iiop-service.
instance, the instance in which the HTTP/IIOP listener or iiop-service is to be configured for SSL.
The following optional attribute name/value pairs are available:
Property |
Definition |
---|---|
type |
The type of service or listener for which the SSL is created. The type can be http-listener, iiop-listener, or iiop-service. When the type is iiop-service, the ssl-client-config along with the embedded ssl element is created in domain.xml. |
certname |
The nickname of the server certificate in the certificate database or the PKCS#11 token. The format of the name in the certificate is tokenname:nickname. For this property, the tokenname: is optional. |
ssl2enabled |
Set this property to true to enable SSL2. The default value is false. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. In the event SSL3 encryption fails, the server then tries SSL2 encryption. |
ssl2ciphers |
A comma-separated list of the SSL2 ciphers to be used. Use the prefix + to enable or — to disable a particular cipher. Allowed values are: rc4, rc4export, rc2, rc2export, idea, des, and desede3. If no value is specified, all supported ciphers are assumed to be enabled. |
ssl3enabled |
Set this property to false to disable SSL3. The default value is true. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. In the event SSL3 encryption fails, the server then tries SSL2 encryption. |
tlsenabled |
Set this property to false to disable TLS. The default value is true It is good practice to enable TLS, which is a more secure version of SSL. |
ssl3tlsciphers |
A comma-separated list of the SSL3 and/or TLS ciphers to be used. Use the prefix + to enable or — to disable a particular cipher. Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, , SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5,SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. If no value is specified, all supported ciphers are assumed to be enabled. |
tlsrollbackenabled |
Set to true (default) to enable TLS rollback. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. This option is only valid in the Enterprise Edition. This option is only valid when tlsenabled=true. |
clientauthenabled |
Set to true if you want SSL3 client authentication performed on every request independent of ACL-based access control. Default value is false. |
The ID of the HTTP or IIOP listener for which the SSL element is to be created. The listener_id is not required if the ––type is iiop-service.
The following example shows how to create an SSL element for an HTTP listener named http-listener-1.
asadmin> create-ssl --user admin --host fuyako --port 7070 --passwordfile adminpassword.txt --type http-listener --certname sampleCert http-listener-1 Command create-ssl executed successfully. |
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPTIONAL ATTRIBUTES | OPERANDS | EXAMPLES | EXIT STATUS | SEE ALSO