type=page
status=published
title=create-ssl
next=create-system-properties.html
prev=create-service.html
~~~~~~
create-ssl
==========

[[create-ssl-1]][[GSRFM00058]][[create-ssl]]

create-ssl
----------

creates and configures the SSL element in the selected HTTP listener,
IIOP listener, or IIOP service

[[sthref537]]

Synopsis

[source,oac_no_warn]
----
asadmin [asadmin-options] create-ssl [--help]
[--target target]
--type listener_or_service_type
--certname cert_name 
[--ssl2enabled={false|true}] [--ssl2ciphers ss12ciphers] 
[--ssl3enabled={true|false}] [--tlsenabled={true|false}]
[--ssl3tlsciphers ssl3tlsciphers]
[--tlsrollbackenabled={true|false}]
[--clientauthenabled={false|true}]
[listener_id]
----

[[sthref538]]

Description

The `create-ssl` subcommand creates and configures the SSL element in
the selected HTTP listener, IIOP listener, or IIOP service to enable
secure communication on that listener/service.

This subcommand is supported in remote mode only.

[[sthref539]]

Options

If an option has a short option name, then the short option precedes the
long option name. Short options have one dash whereas long options have
two dashes.

asadmin-options::
  Options for the `asadmin` utility. For information about these
  options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page.
`--help`::
`-?`::
  Displays the help text for the subcommand.
`--target`::
  Specifies the target on which you are configuring the ssl element. The
  following values are valid: +
  `server`;;
    Specifies the server in which the iiop-service or HTTP/IIOP listener
    is to be configured for SSL.
  config;;
    Specifies the configuration that contains the HTTP/IIOP listener or
    iiop-service for which SSL is to be configured.
  cluster;;
    Specifies the cluster in which the HTTP/IIOP listener or
    iiop-service is to be configured for SSL. All the server instances
    in the cluster will get the SSL configuration for the respective
    listener or iiop-service.
  instance;;
    Specifies the instance in which the HTTP/IIOP listener or
    iiop-service is to be configured for SSL.
`--type`::
  The type of service or listener for which the SSL is created. The type
  can be: +
  * `network-listener`
  * `http-listener`
  * `iiop-listener`
  * `iiop-service`
  * `jmx-connector` +
  When the type is `iiop-service`, the `ssl-client-config` along with
  the embedded `ssl` element is created in `domain.xml`.
`--certname`::
  The nickname of the server certificate in the certificate database or
  the PKCS#11 token. The format of the name in the certificate is
  tokenname:nickname. For this property, the tokenname: is optional.
`--ssl2enabled`::
  Set this property to `true` to enable SSL2. The default value is
  `false`. If both SSL2 and SSL3 are enabled for a virtual server, the
  server tries SSL3 encryption first. In the event SSL3 encryption
  fails, the server then tries SSL2 encryption.
`--ssl2ciphers`::
  A comma-separated list of the SSL2 ciphers to be used. Ciphers not
  explicitly listed will be disabled for the target, even if those
  ciphers are available in the particular cipher suite you are using. If
  this option is not used, all supported ciphers are assumed to be
  enabled. Allowed values are: +
  * `rc4`
  * `rc4export`
  * `rc2`
  * `rc2export`
  * `idea`
  * `des`
  * `desede3`
`--ssl3enabled`::
  Set this property to `false` to disable SSL3. The default value is
  `true`. If both SSL2 and SSL3 are enabled for a virtual server, the
  server tries SSL3 encryption first. In the event SSL3 encryption
  fails, the server then tries SSL2 encryption.
`--tlsenabled`::
  Set this property to `false` to disable TLS. The default value is
  `true` It is good practice to enable TLS, which is a more secure
  version of SSL.
`--ssl3tlsciphers`::
  A comma-separated list of the SSL3 and/or TLS ciphers to be used.
  Ciphers not explicitly listed will be disabled for the target, even if
  those ciphers are available in the particular cipher suite you are
  using. If this option is not used, all supported ciphers are assumed
  to be enabled. Allowed values are: +
  * `SSL_RSA_WITH_RC4_128_MD5`
  * `SSL_RSA_WITH_3DES_EDE_CBC_SHA`
  * `SSL_RSA_WITH_DES_CBC_SHA`
  * `SSL_RSA_EXPORT_WITH_RC4_40_MD5`
  * `SSL_RSA_WITH_NULL_MD5`
  * `SSL_RSA_WITH_RC4_128_SHA`
  * `SSL_RSA_WITH_NULL_SHA`
`--tlsrollbackenabled`::
  Set to `true` (default) to enable TLS rollback. TLS rollback should be
  enabled for Microsoft Internet Explorer 5.0 and 5.5. This option is
  only valid when `-tlsenabled`=`true`.
`--clientauthenabled`::
  Set to `true` if you want SSL3 client authentication performed on
  every request independent of ACL-based access control. Default value
  is `false`.

[[sthref540]]

Operands

listener_id::
  The ID of the HTTP or IIOP listener for which the SSL element is to be
  created. The listener_id is not required if the `--type` is
  `iiop-service`.

[[sthref541]]

Examples

[[GSRFM525]][[sthref542]]

Example 1   Creating an SSL element for an HTTP listener

The following example shows how to create an SSL element for an HTTP
listener named `http-listener-1`.

[source,oac_no_warn]
----
asadmin> create-ssl 
--type http-listener
--certname sampleCert http-listener-1
Command create-ssl executed successfully.
----

[[sthref543]]

Exit Status

0::
  subcommand executed successfully
1::
  error in executing the subcommand

[[sthref544]]

See Also

link:asadmin.html#asadmin-1m[`asadmin`(1M)]

link:delete-ssl.html#delete-ssl-1[`delete-ssl`(1)]