| type=page |
| status=published |
| title=enable-secure-admin-principal |
| next=export.html |
| prev=enable-secure-admin-internal-user.html |
| ~~~~~~ |
| enable-secure-admin-principal |
| ============================= |
| |
| [[enable-secure-admin-principal-1]][[GSRFM00131]][[enable-secure-admin-principal]] |
| |
| enable-secure-admin-principal |
| ----------------------------- |
| |
| Instructs \{product---name}, when secure admin is enabled, to accept |
| admin requests from clients identified by the specified SSL certificate. |
| |
| [[sthref1143]] |
| |
| Synopsis |
| |
| [source,oac_no_warn] |
| ---- |
| asadmin [asadmin-options] enable-secure-admin-principal [--help] |
| --alias aliasname | DN |
| ---- |
| |
| [[sthref1144]] |
| |
| Description |
| |
| The `enable-secure-admin-principal` subcommand instructs |
| \{product---name} to accept admin requests when accompanied by an SSL |
| certificate with the specified distinguished name (DN). If you use the |
| "`--alias` aliasname" form, then \{product---name} looks in its |
| truststore for a certificate with the specified alias and uses the DN |
| associated with that certificate. Otherwise, \{product---name} records |
| the value you specify as the DN. |
| |
| You must specify either the `--alias` option, or the DN. |
| |
| You can run `enable-secure-admin-principal` multiple times so that |
| \{product---name} accepts admin requests from a client sending a |
| certificate with any of the DNs you specify. |
| |
| When you run `enable-secure-admin`, \{product---name} automatically |
| records the DNs for the admin alias and the instance alias, whether you |
| specify those values or use the defaults. You do not need to run |
| `enable-secure-admin-principal` yourself for those certificates. Other |
| than these certificates, you must run `enable-secure-admin-principal` |
| for any other DN that \{product---name} should authorize to send admin |
| requests. This includes DNs corresponding to trusted certificates (those |
| with a certificate chain to a trusted authority.) |
| |
| [[sthref1145]] |
| |
| Options |
| |
| asadmin-options:: |
| Options for the `asadmin` utility. For information about these |
| options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page. |
| `--help`:: |
| `-?`:: |
| Displays the help text for the subcommand. |
| `--alias`:: |
| The alias name of the certificate in the trust store. |
| \{product---name} looks up certificate in the trust store using that |
| alias and, if found, stores the corresponding DN as being valid for |
| secure administration. Because alias-name must be an alias associated |
| with a certificate currently in the trust store, you may find it most |
| useful for self-signed certificates. |
| |
| [[sthref1146]] |
| |
| Operands |
| |
| DN:: |
| The distinguished name of the certificate, specified as a |
| comma-separated list in quotes. For example, |
| `"CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"`. |
| |
| [[sthref1147]] |
| |
| Examples |
| |
| [[GSRFM608]][[sthref1148]] |
| |
| Example 1 Trusting a DN for secure administration |
| |
| The following example shows how to specify a DN for authorizing access |
| in secure administration. |
| |
| [source,oac_no_warn] |
| ---- |
| asadmin> enable-secure-admin-principal |
| "CN=system.amer.oracle.com,OU=GlassFish, |
| O=Oracle Corporation,L=Santa Clara,ST=California,C=US" |
| |
| Command enable-secure-admin-principal executed successfully. |
| ---- |
| |
| [[sthref1149]] |
| |
| Exit Status |
| |
| 0:: |
| subcommand executed successfully |
| 1:: |
| error in executing the subcommand |
| |
| [[sthref1150]] |
| |
| See Also |
| |
| link:asadmin.html#asadmin-1m[`asadmin`(1M)] |
| |
| link:disable-secure-admin-principal.html#disable-secure-admin-principal-1[`disable-secure-admin-principal`(1)], |
| link:enable-secure-admin.html#enable-secure-admin-1[`enable-secure-admin`(1)] |
| |
| |