tadm set-ssl-prop common_options --config=config_name (--http-listener=name|--tcp-listener=name) (property_name=property_value)+
Use this command to set the SSL properties for a listener. SSL is a software library establishing a secure connection between the client and server. SSL is used to implement HTTPS, the secure version of HTTP.
For information about common_options, run the help command.
--config|-c
Specify the name of the configuration to set SSL properties.
--http-listener|-r
Specify the name of the HTTP listener.
--tcp-listener|-t
Specify the name of the TCP listener.
Specify name=value pairs for one or more properties that you want to define. The name=value pairs should be separated by spaces.
You can set the following HTTP properties:
enabled: Specifies whether SSL support is enabled for the listener.
Values: true, false. Default: true.
strict-sni-vs-host-match: If the value is false, the default certificate is sent to clients that do not support the SNI (Server Name Indication) extension.
Values: true, false. Default: false.
tls-session-tickets-enabled: Specifies whether the TLS session ticket extension is enabled.
Values: true, false. Default: true.
server-cert-nickname: Specifies the nickname of the certificate that the server presents to the clients.
Values: zero or one for RSA and zero or one for ECC.
Note: The property server-cert-nickname enables you to specify multiple values, with each value enclosed in quotes and separated by commas.
ssl3: Specifies whether SSL3 connections are accepted.
Values: true, false. Default: true.
tls: Specifies whether TLS connections are accepted.
Values: true, false. Default: true.
client-auth: Specifies the method of client certificate authentication.
Values: required, optional, or false. With the required option, the server requests a certificate from the client; if the client does not provide a certificate, the connection is closed. With the optional option, the server requests a certificate from the client, but does not require it. The connection is established even if the client does not provide a certificate. Default: false. Client authentication is disabled by default.
client-auth-timeout: Indicates the duration (in seconds) after which a client authentication handshake fails.
Values: 0.001 to 3600.
max-client-auth-data: Specifies the number of characters of authentication data that the server can buffer.
Values: 0 to 2147483647.
To reset a property to its default value, do not provide a property value.
For example, property-name=<empty_string>
tadm set-ssl-prop --user=admin --host=admin.example.com --password-file=./admin.passwd --port=8989 --no-prompt --config=www.example.org --http-listener=config1_ls max-client-auth-data=18976 client-auth-timeout=200
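The following shell functions are an added example, not part of the tadm documentation: they check name=value pairs against the values listed above and then print, without running, a set-ssl-prop command for an HTTP listener. The names check_ssl_prop and build_set_ssl_prop are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: check_ssl_prop and build_set_ssl_prop are hypothetical helpers.

# Return 0 if a name=value pair fits the values documented above, else 1.
# An empty value is accepted because it resets the property to its default.
check_ssl_prop() {
    case "$1" in *=*) ;; *) return 1 ;; esac
    name=${1%%=*}
    value=${1#*=}
    case "$name" in
        enabled|strict-sni-vs-host-match|tls-session-tickets-enabled|ssl3|tls)
            case "$value" in ''|true|false) return 0 ;; esac ;;
        client-auth)
            case "$value" in ''|required|optional|false) return 0 ;; esac ;;
        client-auth-timeout)   # 0.001 to 3600 seconds
            case "$value" in '') return 0 ;; *[!0-9.]*|*.*.*) return 1 ;; esac
            awk -v v="$value" 'BEGIN { exit !(v+0 >= 0.001 && v+0 <= 3600) }' &&
                return 0 ;;
        max-client-auth-data)  # 0 to 2147483647 characters
            case "$value" in '') return 0 ;; *[!0-9]*) return 1 ;; esac
            [ "${#value}" -le 10 ] && [ "$value" -le 2147483647 ] && return 0 ;;
        server-cert-nickname)
            return 0 ;;
    esac
    return 1   # unknown property or value outside the documented set
}

# Check every pair, then print (not run) the command for an HTTP listener.
# common_options (user, host, password file) are left for the caller to add.
build_set_ssl_prop() {
    config=$1 listener=$2
    shift 2
    for pair in "$@"; do
        check_ssl_prop "$pair" || { echo "rejected: $pair" >&2; return 1; }
    done
    echo "tadm set-ssl-prop --config=$config --http-listener=$listener $*"
}

# Constructed input: ssl3 defaults to true on this page; SSL 3.0 is
# deprecated (RFC 7568), so the sample disables it and requires client certs.
build_set_ssl_prop www.example.org config1_ls \
    ssl3=false tls=true client-auth=required client-auth-timeout=200
```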
The following exit values are returned:
0: command executed successfully
>0: error in executing the command
For more information about exit codes and syntax notations, run the help command.