blob: 105f098e79dfb62339fb2c910eb9d421d3d8f320 [file] [log] [blame]
type=page
status=published
title=enable-secure-admin
next=enable-secure-admin-internal-user.html
prev=enable-monitoring.html
~~~~~~
= enable-secure-admin
[[enable-secure-admin-1]][[GSRFM00129]][[enable-secure-admin]]
== enable-secure-admin
Enables secure admin (if it is not already enabled), optionally changing
the alias used for DAS-to-instance admin messages or the alias used for
instance-to-DAS admin messages.
[[sthref1128]]
=== Synopsis
[source]
----
asadmin [asadmin-options] enable-secure-admin [--help]
[--adminalias=alias]
[--instancealias=alias]
----
[[sthref1129]]
=== Description
The `enable-secure-admin` subcommand causes the DAS and the instances in
the domain to use SSL certificates for encrypting the messages they send
to each other. This subcommand also allows the DAS to accept
administration messages from remote admin clients such as the asadmin
utility and IDEs.
[NOTE]
====
You must restart any running servers in the domain after you enable or
disable secure admin. It is simpler to enable or disable secure admin
with only the DAS running, then restart the DAS, and then start any
other instances.
====
By default, when secure admin is enabled the DAS and the instances use
these SSL certificates to authenticate to each other as security
"principals" and to authorize admin access. The `--asadminalias` value
indicates to the DAS which SSL certificate it should use to identify
itself to the instances. The `--instancealias` value determines for
instances which SSL certificate they should use to identify themselves
to the DAS.
The `enable-secure-admin` subcommand fails if any administrative user in
the domain has a blank password.
Alternatively, you can use the `enable-secure-admin-internal-user`
subcommand to cause the servers to identify themselves using a secure
admin user name and password.
[[sthref1130]]
=== Options
asadmin-options::
Options for the `asadmin` utility. For information about these
options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page.
`--help`::
`-?`::
Displays the help text for the subcommand.
`--adminalias`::
The alias that refers to the SSL/TLS certificate on the DAS. This
alias is used by the DAS to identify itself to instances. The default
value is `s1as`.
`--instancealias`::
The alias that refers to the SSL/TLS certificate on the instances.
This alias is used by the instances to identify themselves to the DAS.
The default value is `glassfish-instance`.
[[sthref1131]]
=== Examples
[[GSRFM606]][[sthref1132]]
==== Example 1   Enabling `secure admin` for a domain
The following example shows how to enable `secure admin` for a domain
using an admin alias `adtest` and an instance alias `intest`
[source]
----
asadmin> enable-secure-admin --adminalias adtest --instancealias intest
server-config
default-config
Command enable-secure-admin executed successfully.
----
[[sthref1133]]
=== Exit Status
0::
subcommand executed successfully
1::
error in executing the subcommand
[[sthref1134]]
=== See Also
link:asadmin.html#asadmin-1m[`asadmin`(1M)]
link:disable-secure-admin.html#disable-secure-admin-1[`disable-secure-admin`(1)],
link:enable-secure-admin-principal.html#enable-secure-admin-principal-1[`enable-secure-admin-principal`(1)],
link:enable-secure-admin-internal-user.html#enable-secure-admin-internal-user-1[`enable-secure-admin-internal-user`(1)]