remove-expired-certificates
Removes all expired certificates from the target instance or listener’s keystores and truststores.
Synopsis
asadmin remove-expired-certificates [--help]
[--reload={false|true}]
[--domainName=name]
[--domainDir=directory]
[--node=nodeName]
[--nodeDir=directory]
[--listener=listenername]
[--target=instanceName]
Description
This command removes all expired certificates from the target instance or listener’s key and trust stores.
If the instance or listener is configured to use the default trust store, the command will instead synchronize the instance with the DAS (under the assumption the certificate has been removed from the default trust store of the DAS), since any certificates removed from the instance stores would be lost upon its next synchronisation.
Options
--help
-?
-
Displays the help text for the subcommand.
--target
-
This option helps specify the target on which you are removing expired certificates. Valid values are:
server
-
Applies to the default server instance. This is the default value.
- cluster_name
-
Applies to every server instance in the cluster.
- instance_name
-
Applies to a specified sever instance.
--reload
-
Whether the HTTP listeners should be reloaded. Defaults to
false
--listener
-
The name of the HTTP or IIOP listener to add the certificate to.
--domainname
-
The name of the domain where the target instance exists.
Defaults to
domain1
or the existing domain if only one exists. --domainDir
-
The path to the directory containing the target domain.
Defaults to
as-install/glassfish/domains
--node
-
The name of the node where the target instance exists.
Defaults to
localhost-$domainname
--nodeDir
-
The path to the directory containing the target node.
Defaults to
as-install/glassfish/nodes
Examples
Example 1 Removes all expired certificates in the production
domain
asadmin remove-expired-certificates --domainName --listener http-listener-2 --reload=true