enable-secure-admin-principal
Previous Next Contents

enable-secure-admin-principal

Instructs \{product---name}, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate.

Synopsis

asadmin [asadmin-options] enable-secure-admin-principal [--help]
--alias aliasname | DN

Description

The enable-secure-admin-principal subcommand instructs \{product---name} to accept admin requests when accompanied by an SSL certificate with the specified distinguished name (DN). If you use the "--alias aliasname" form, then \{product---name} looks in its truststore for a certificate with the specified alias and uses the DN associated with that certificate. Otherwise, \{product---name} records the value you specify as the DN.

You must specify either the --alias option, or the DN.

You can run enable-secure-admin-principal multiple times so that \{product---name} accepts admin requests from a client sending a certificate with any of the DNs you specify.

When you run enable-secure-admin, \{product---name} automatically records the DNs for the admin alias and the instance alias, whether you specify those values or use the defaults. You do not need to run enable-secure-admin-principal yourself for those certificates. Other than these certificates, you must run enable-secure-admin-principal for any other DN that \{product---name} should authorize to send admin requests. This includes DNs corresponding to trusted certificates (those with a certificate chain to a trusted authority.)

Options

asadmin-options

Options for the asadmin utility. For information about these options, see the asadmin(1M) help page.

--help
-?

Displays the help text for the subcommand.

--alias

The alias name of the certificate in the trust store. \{product---name} looks up certificate in the trust store using that alias and, if found, stores the corresponding DN as being valid for secure administration. Because alias-name must be an alias associated with a certificate currently in the trust store, you may find it most useful for self-signed certificates.

Operands

DN

The distinguished name of the certificate, specified as a comma-separated list in quotes. For example, "CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US".

Examples

Example 1   Trusting a DN for secure administration

The following example shows how to specify a DN for authorizing access in secure administration.

asadmin> enable-secure-admin-principal
"CN=system.amer.oracle.com,OU=GlassFish,
O=Oracle Corporation,L=Santa Clara,ST=California,C=US"

Command enable-secure-admin-principal executed successfully.

Exit Status

0

subcommand executed successfully

1

error in executing the subcommand

See Also

asadmin(1M)

disable-secure-admin-principal(1), enable-secure-admin(1)

Previous Next Contents
Eclipse Foundation Logo  Copyright © 2019, Oracle and/or its affiliates. All rights reserved.