Protocols: Asadmin Commands

The following asadmin commands are available for administering HTTP protocols instead of using the admin console. The parameters are all explained in the configuration options above.

create-protocol

The create-protocol command creates a bare protocol to be configured with create-http and create-ssl.

Format

asadmin> create-protocol [--help]
           [--securityenabled={false|true}]
           [--target target]
           protocol-name

create-http

The create-http command creates a set of HTTP parameters for a created protocol.

Format

asadmin> create-http [--help]
           --default-virtual-server virtual-server
           [--request-timeout-seconds timeout]
           [--timeout-seconds timeout]
           [--max-connection max-keepalive]
           [--dns-lookup-enabled={false|true}]
           [--servername server-name]
           [--target target]
           protocol-name

create-ssl

The create-ssl command creates a set of SSL parameters for a created protocol.

Format

asadmin> create-ssl [--help]
        --certname certname
        --type protocol
        [--ssl3enabled={false|true}]
        [--ssl3tlsciphers ssl3tlsciphers]
        [--tlsenabled={false|true}]
        [--tlsrollbackenabled={false|true}]
        [--clientauthenabled={false|true}]
        [--target target]
        listener-id

set-network-protocol-security-configuration

Since Payara Server 5.21.0

This command sets various options for the security of a HTTP protocol. Many options for configuring security can be done with this single asadmin command.

Usage

asadmin> set-network-protocol-security-configuration --enabled true --tls11-enabled false --tls13enabled true http-listener-2

Command Options

Option Type Description Default Mandatory

--target

String

The name of the instance to get the certificate from.

server

no

--enabled

Boolean

If security should be enabled for the listener.

no

--dynamic

Boolean

If HTTP listeners on the server should be restarted.

no

--tls1-enabled

Boolean

If TLS version 1.0 should be enabled.

no

--tls11-enabled

Boolean

If TLS version 1.1 should be enabled.

no

--tls12-enabled

Boolean

If TLS version 1.2 should be enabled.

no

--tls13-enabled

Boolean

If TLS version 1.3 should be enabled.

no

--keystore

String

Name of the keystore file i.e. keystore.jks

no

--keystore-password

String

Password for the keystore file.

no

--truststore

String

Name of the truststore file i.e cacerts.jks.

no

--truststore-password

String

Password for the truststore file.

no

--turst-algorithm

Boolean

Name of the trust management algorithm (for example, PKIX) to use for certification path validation.

no

--session-timeout

Integer

How long before TLS session expire from the cache.

no

--session-cache-size

Integer

How large the TLS session cache can get.

no

--certificate-nickname

String

Takes a single value, identifies the server’s default keypair and certificate.

no

--client-auth

want,need,

Determines if if the engine will request (want) or require (need) client authentication.

no

Example

asadmin> set-network-protocol-security-configuration --enabled=true --tls1-enabled=false
                --tls11-enabled false --tls12-enabled false --tls13-enabled true http-listener-2