blob: ff23bd549ad5b16e876f3a11bec0e8f75d6fe453 [file] [log] [blame]
type=page
status=published
title=enable-secure-admin-principal
next=export.html
prev=enable-secure-admin-internal-user.html
~~~~~~
= enable-secure-admin-principal
[[enable-secure-admin-principal-1]][[GSRFM00131]][[enable-secure-admin-principal]]
== enable-secure-admin-principal
Instructs {productName}, when secure admin is enabled, to accept
admin requests from clients identified by the specified SSL certificate.
[[sthref1143]]
=== Synopsis
[source]
----
asadmin [asadmin-options] enable-secure-admin-principal [--help]
--alias aliasname | DN
----
[[sthref1144]]
=== Description
The `enable-secure-admin-principal` subcommand instructs
{productName} to accept admin requests when accompanied by an SSL
certificate with the specified distinguished name (DN). If you use the
"`--alias` aliasname" form, then {productName} looks in its
truststore for a certificate with the specified alias and uses the DN
associated with that certificate. Otherwise, {productName} records
the value you specify as the DN.
You must specify either the `--alias` option, or the DN.
You can run `enable-secure-admin-principal` multiple times so that
{productName} accepts admin requests from a client sending a
certificate with any of the DNs you specify.
When you run `enable-secure-admin`, {productName} automatically
records the DNs for the admin alias and the instance alias, whether you
specify those values or use the defaults. You do not need to run
`enable-secure-admin-principal` yourself for those certificates. Other
than these certificates, you must run `enable-secure-admin-principal`
for any other DN that {productName} should authorize to send admin
requests. This includes DNs corresponding to trusted certificates (those
with a certificate chain to a trusted authority.)
[[sthref1145]]
=== Options
asadmin-options::
Options for the `asadmin` utility. For information about these
options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page.
`--help`::
`-?`::
Displays the help text for the subcommand.
`--alias`::
The alias name of the certificate in the trust store.
{productName} looks up certificate in the trust store using that
alias and, if found, stores the corresponding DN as being valid for
secure administration. Because alias-name must be an alias associated
with a certificate currently in the trust store, you may find it most
useful for self-signed certificates.
[[sthref1146]]
=== Operands
DN::
The distinguished name of the certificate, specified as a
comma-separated list in quotes. For example,
`"CN=system.amer.oracle.com,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US"`.
[[sthref1147]]
=== Examples
[[GSRFM608]][[sthref1148]]
==== Example 1   Trusting a DN for secure administration
The following example shows how to specify a DN for authorizing access
in secure administration.
[source]
----
asadmin> enable-secure-admin-principal
"CN=system.amer.oracle.com,OU=GlassFish,
O=Oracle Corporation,L=Santa Clara,ST=California,C=US"
Command enable-secure-admin-principal executed successfully.
----
[[sthref1149]]
=== Exit Status
0::
subcommand executed successfully
1::
error in executing the subcommand
[[sthref1150]]
=== See Also
link:asadmin.html#asadmin-1m[`asadmin`(1M)]
link:disable-secure-admin-principal.html#disable-secure-admin-principal-1[`disable-secure-admin-principal`(1)],
link:enable-secure-admin.html#enable-secure-admin-1[`enable-secure-admin`(1)]