2.13.2 create-ssl
Creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service.
Synopsis
asadmin [asadmin-options] create-ssl [--help] [--target target] --type listener_or_service_type --certname cert_name [--ssl2enabled={false|true}] [--ssl2ciphers ssl2ciphers] [--ssl3enabled={true|false}] [--tlsenabled={true|false}] [--ssl3tlsciphers ssl3tlsciphers] [--clientauthenabled={false|true}] [listener_id]
Storage location
Application Server installation directory/javaee/glassfish/bin
Function
The create-ssl subcommand creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service to enable secure communication on that listener/service.
This subcommand is supported in remote mode only.
Precondition
Domain Administration Server (DAS) is running.
Files
When the --type option is iiop-service, the ssl-client-config element, along with the embedded ssl element, is created in the domain.xml file.
Arguments
- --help | -?
  Displays the help text for the subcommand.
- --target target
  Specifies the target on which you are configuring the SSL element.
  Type: String
  The following values can be specified:
  - server: Specifies the server in which the iiop-service or HTTP/IIOP listener is to be configured for SSL.
  - configuration_name: Specifies the configuration that contains the HTTP/IIOP listener or iiop-service for which SSL is to be configured.
  - cluster_name: Specifies the cluster in which the HTTP/IIOP listener or iiop-service is to be configured for SSL. All the server instances in the cluster will get the SSL configuration for the respective listener or iiop-service.
  - instance_name: Specifies the instance in which the HTTP/IIOP listener or iiop-service is to be configured for SSL.
  Default value: server
- --type listener_or_service_type
  Specifies the type of service or listener for which the SSL element is created. If --type is iiop-service, the listener_id is not required. When the type is iiop-service, the ssl-client-config element, along with the embedded ssl element, is created in domain.xml.
  Type: String
  The following values can be specified:
  - http-listener
  - iiop-listener
  - iiop-service
  - jmx-connector
  - network-listener
  Default value: N/A
- --certname cert_name
  Specifies the nickname of the server certificate in the certificate database or the PKCS#11 token. The format of the name in the certificate is tokenname:nickname. For this property, the tokenname: prefix is optional.
  Type: String
  The following values can be specified:
  - Nickname of the server certificate in the certificate database
  Default value: N/A
- --ssl2enabled={false|true}
  Specifies whether SSL2 is enabled. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If SSL3 encryption fails, the server then tries SSL2 encryption.
  Type: Boolean
  The following values can be specified:
  - true
  - false
  Default value: false
- --ssl2ciphers ssl2ciphers
  Specifies a comma-separated list of the SSL2 ciphers to be used. Ciphers that are not explicitly listed are disabled for the target, even if those ciphers are available in the cipher suite currently in use. If this option is not used, all the supported ciphers are assumed to be enabled.
  Type: String
  The following values can be specified:
  - rc4
  - rc4export
  - rc2
  - rc2export
  - idea
  - des
  - desede3
  Default value:
  - rc4
  - rc4export
  - rc2
  - rc2export
  - idea
  - des
  - desede3
- --ssl3enabled={true|false}
  Specifies whether SSL3 is enabled. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If SSL3 encryption fails, the server then tries SSL2 encryption.
  Type: Boolean
  The following values can be specified:
  - true
  - false
  Default value: true
- --tlsenabled={true|false}
  Specifies whether TLS is enabled; set the value to false to disable TLS. It is good practice to enable TLS, which is a more secure version of SSL.
  Type: Boolean
  The following values can be specified:
  - true
  - false
  Default value: true
- --ssl3tlsciphers ssl3tlsciphers
  Specifies a comma-separated list of the SSL3 and/or TLS ciphers to be used. Ciphers that are not explicitly listed are disabled for the target, even if those ciphers are available in the cipher suite currently in use. If this option is not used, all the supported ciphers are assumed to be enabled.
  If iiop-listener or iiop-service is specified for the --type option, specify a plus sign (+) before each encryption algorithm that is specified by the --ssl3tlsciphers option.
  Type: String
  The following values can be specified:
  - SSL_RSA_WITH_RC4_128_MD5
  - SSL_RSA_WITH_3DES_EDE_CBC_SHA
  - SSL_RSA_WITH_DES_CBC_SHA
  - SSL_RSA_EXPORT_WITH_RC4_40_MD5
  - SSL_RSA_WITH_NULL_MD5
  - SSL_RSA_WITH_RC4_128_SHA
  - SSL_RSA_WITH_NULL_SHA
  Default value:
  - SSL_RSA_WITH_RC4_128_MD5
  - SSL_RSA_WITH_3DES_EDE_CBC_SHA
  - SSL_RSA_WITH_DES_CBC_SHA
  - SSL_RSA_EXPORT_WITH_RC4_40_MD5
  - SSL_RSA_WITH_NULL_MD5
  - SSL_RSA_WITH_RC4_128_SHA
  - SSL_RSA_WITH_NULL_SHA
- --clientauthenabled={false|true}
  Specifies whether SSL3 client authentication is performed on every request, independent of ACL-based access control.
  Type: Boolean
  The following values can be specified:
  - true
  - false
  Default value: false
- listener_id
  Specifies the ID of the HTTP or IIOP listener for which the SSL element is to be created. The listener_id is not required if the --type is iiop-service.
  Type: String
  The following values can be specified:
  - ID of the HTTP or IIOP listener
  Default value: N/A
Examples
The following example shows how to create an SSL element for an HTTP listener named http-listener-1 on the server instance instance1.
asadmin create-ssl --type http-listener --target instance1 --certname sampleCert http-listener-1
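A hardened counterpart to the example above, added here and not taken from the product documentation: the script drops the NULL, export, RC4 and single-DES suites from the page's default --ssl3tlsciphers list and prints a command with SSL2 and SSL3 switched off explicitly. The function names are hypothetical, listener_id is assumed mandatory for every type except iiop-service, and the one suite that survives (3DES) is itself a legacy 64-bit-block cipher.

```shell
#!/bin/sh
# Added example: prints a create-ssl command line; it never runs asadmin.
# Function and variable names are hypothetical; flags and cipher names are the page's.

# The --ssl3tlsciphers default list documented on this page.
PAGE_DEFAULT_CIPHERS="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA,\
SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_WITH_NULL_MD5,\
SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_NULL_SHA"

# weak_reason NAME: print why a cipher is unsuitable, or nothing if no rule matches.
weak_reason() {
  case "$1" in
    *_NULL_*)    echo "no encryption at all" ;;
    *EXPORT*)    echo "export-grade 40-bit key" ;;
    *_RC4_*)     echo "RC4 is prohibited for TLS by RFC 7465" ;;
    *_DES_CBC_*) echo "single DES, 56-bit key" ;;
  esac
}

# build_create_ssl TYPE TARGET CERTNAME CIPHERS [LISTENER_ID]
build_create_ssl() {
  ltype=$1; target=$2; cert=$3; ciphers=$4; id=${5:-}
  prefix=""; kept=""
  # The page requires a leading '+' on each cipher for the IIOP types.
  case "$ltype" in iiop-listener|iiop-service) prefix="+" ;; esac
  for c in $(printf '%s' "$ciphers" | tr ',' ' '); do
    reason=$(weak_reason "$c")
    if [ -n "$reason" ]; then
      echo "rejected $c: $reason" >&2
    else
      kept="${kept:+$kept,}$prefix$c"
    fi
  done
  if [ -z "$kept" ]; then echo "no acceptable cipher left" >&2; return 1; fi
  if [ "$ltype" = iiop-service ]; then
    id=""   # listener_id is not required for iiop-service
  elif [ -z "$id" ]; then
    echo "listener_id is required for --type $ltype" >&2; return 1
  fi
  # Name every protocol flag explicitly instead of inheriting the defaults
  # (--ssl3enabled defaults to true on this page).
  echo "asadmin create-ssl --type $ltype --target $target --certname $cert" \
       "--ssl2enabled=false --ssl3enabled=false --tlsenabled=true" \
       "--ssl3tlsciphers $kept${id:+ $id}"
}

# Demo with the values from the page's own example.
build_create_ssl http-listener instance1 sampleCert "$PAGE_DEFAULT_CIPHERS" http-listener-1
```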
Exit Status
| Exit Status | Explanation |
|---|---|
| 0 | command executed successfully. |
| 1 | error in executing the command. |