| type=page |
| status=published |
| title=enable-secure-admin-principal |
| next=export.html |
| prev=enable-secure-admin-internal-user.html |
| ~~~~~~ |
| |
| = enable-secure-admin-principal |
| |
| [[enable-secure-admin-principal-1]][[GSRFM00131]][[enable-secure-admin-principal]] |
| |
| == enable-secure-admin-principal |
| |
| Instructs {productName}, when secure admin is enabled, to accept |
| admin requests from clients identified by the specified SSL certificate. |
| |
| [[sthref1143]] |
| |
| === Synopsis |
| |
| [source] |
| ---- |
| asadmin [asadmin-options] enable-secure-admin-principal [--help] |
| --alias aliasname | DN |
| ---- |
| |
| [[sthref1144]] |
| |
| === Description |
| |
| The `enable-secure-admin-principal` subcommand instructs |
| {productName} to accept admin requests when accompanied by an SSL |
| certificate with the specified distinguished name (DN). If you use the |
| "`--alias` aliasname" form, then {productName} looks in its |
| truststore for a certificate with the specified alias and uses the DN |
| associated with that certificate. Otherwise, {productName} records |
| the value you specify as the DN. |
| |
| You must specify either the `--alias` option, or the DN. |
| |
| You can run `enable-secure-admin-principal` multiple times so that |
| {productName} accepts admin requests from a client sending a |
| certificate with any of the DNs you specify. |
| |
| When you run `enable-secure-admin`, {productName} automatically |
| records the DNs for the admin alias and the instance alias, whether you |
| specify those values or use the defaults. You do not need to run |
| `enable-secure-admin-principal` yourself for those certificates. Other |
| than these certificates, you must run `enable-secure-admin-principal` |
| for any other DN that {productName} should authorize to send admin |
| requests. This includes DNs corresponding to trusted certificates (those |
| with a certificate chain to a trusted authority.) |
| |
| [[sthref1145]] |
| |
| === Options |
| |
| asadmin-options:: |
| Options for the `asadmin` utility. For information about these |
| options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page. |
| `--help`:: |
| `-?`:: |
| Displays the help text for the subcommand. |
| `--alias`:: |
| The alias name of the certificate in the trust store. |
| {productName} looks up certificate in the trust store using that |
| alias and, if found, stores the corresponding DN as being valid for |
| secure administration. Because alias-name must be an alias associated |
| with a certificate currently in the trust store, you may find it most |
| useful for self-signed certificates. |
| |
| [[sthref1146]] |
| |
| === Operands |
| |
| DN:: |
| The distinguished name of the certificate, specified as a |
| comma-separated list in quotes. For example, |
| `"CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"`. |
| |
| [[sthref1147]] |
| |
| === Examples |
| |
| [[GSRFM608]][[sthref1148]] |
| |
| ==== Example 1 Trusting a DN for secure administration |
| |
| The following example shows how to specify a DN for authorizing access |
| in secure administration. |
| |
| [source] |
| ---- |
| asadmin> enable-secure-admin-principal |
| "CN=system.amer.oracle.com,OU=GlassFish, |
| O=Oracle Corporation,L=Santa Clara,ST=California,C=US" |
| |
| Command enable-secure-admin-principal executed successfully. |
| ---- |
| |
| [[sthref1149]] |
| |
| === Exit Status |
| |
| 0:: |
| subcommand executed successfully |
| 1:: |
| error in executing the subcommand |
| |
| [[sthref1150]] |
| |
| === See Also |
| |
| link:asadmin.html#asadmin-1m[`asadmin`(1M)] |
| |
| link:disable-secure-admin-principal.html#disable-secure-admin-principal-1[`disable-secure-admin-principal`(1)], |
| link:enable-secure-admin.html#enable-secure-admin-1[`enable-secure-admin`(1)] |
| |
| |
