enable-secure-admin-principal

Instructs Payara Server, when secure admin is enabled, to accept admin requests from clients identified by the specified SSL certificate.

Synopsis

asadmin [asadmin-options] enable-secure-admin-principal [--help]
--alias aliasname | DN

Description

The enable-secure-admin-principal subcommand instructs Payara Server to accept admin requests when accompanied by an SSL certificate with the specified distinguished name (DN). If you use the "`--alias` aliasname" form, then Payara Server looks in its truststore for a certificate with the specified alias and uses the DN associated with that certificate. Otherwise, Payara Server records the value you specify as the DN.

You must specify either the --alias option, or the DN.

You can run enable-secure-admin-principal multiple times so that Payara Server accepts admin requests from a client sending a certificate with any of the DNs you specify.

When you run enable-secure-admin, Payara Server automatically records the DNs for the admin alias and the instance alias, whether you specify those values or use the defaults. You do not need to run enable-secure-admin-principal yourself for those certificates. Other than these certificates, you must run enable-secure-admin-principal for any other DN that Payara Server should authorize to send admin requests. This includes DNs corresponding to trusted certificates (those with a certificate chain to a trusted authority.)

Options

asadmin-options

Options for the asadmin utility. For information about these options, see the asadmin help page.

--help
-?

Displays the help text for the subcommand.

--alias

The alias name of the certificate in the trust store. Payara Server looks up certificate in the trust store using that alias and, if found, stores the corresponding DN as being valid for secure administration. Because alias-name must be an alias associated with a certificate currently in the trust store, you may find it most useful for self-signed certificates.

Operands

DN

The distinguished name of the certificate, specified as a comma-separated list in quotes. For example, "CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US".

Examples

Example 1 Trusting a DN for secure administration

The following example shows how to specify a DN for authorizing access in secure administration.

asadmin> enable-secure-admin-principal
"CN=system.amer.oracle.com,OU=GlassFish,
O=Oracle Corporation,L=Santa Clara,ST=California,C=US"

Command enable-secure-admin-principal executed successfully.

Exit Status

0

subcommand executed successfully

1

error in executing the subcommand

See Also