blob: 96d9a18f23d2294b08d76ac47ee8dc94c5f0fefc [file] [log] [blame]
Instructs {productName}, when secure admin is enabled, to accept
admin requests from clients identified by the specified SSL certificate.
=== Synopsis
asadmin [asadmin-options] enable-secure-admin-principal [--help]
--alias aliasname | DN
=== Description
The `enable-secure-admin-principal` subcommand instructs
{productName} to accept admin requests when accompanied by an SSL
certificate with the specified distinguished name (DN). If you use the
"`--alias` aliasname" form, then {productName} looks in its
truststore for a certificate with the specified alias and uses the DN
associated with that certificate. Otherwise, {productName} records
the value you specify as the DN.
You must specify either the `--alias` option, or the DN.
You can run `enable-secure-admin-principal` multiple times so that
{productName} accepts admin requests from a client sending a
certificate with any of the DNs you specify.
When you run `enable-secure-admin`, {productName} automatically
records the DNs for the admin alias and the instance alias, whether you
specify those values or use the defaults. You do not need to run
`enable-secure-admin-principal` yourself for those certificates. Other
than these certificates, you must run `enable-secure-admin-principal`
for any other DN that {productName} should authorize to send admin
requests. This includes DNs corresponding to trusted certificates (those
with a certificate chain to a trusted authority.)
=== Options
Options for the `asadmin` utility. For information about these
options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page.
Displays the help text for the subcommand.
The alias name of the certificate in the trust store.
{productName} looks up certificate in the trust store using that
alias and, if found, stores the corresponding DN as being valid for
secure administration. Because alias-name must be an alias associated
with a certificate currently in the trust store, you may find it most
useful for self-signed certificates.
=== Operands
The distinguished name of the certificate, specified as a
comma-separated list in quotes. For example,
`",OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"`.
=== Examples
==== Example 1   Trusting a DN for secure administration
The following example shows how to specify a DN for authorizing access
in secure administration.
asadmin> enable-secure-admin-principal
O=Oracle Corporation,L=Santa Clara,ST=California,C=US"
Command enable-secure-admin-principal executed successfully.
=== Exit Status
subcommand executed successfully
error in executing the subcommand
=== See Also