asadmin-create-ssl(1AS) User Commands asadmin-create-ssl(1AS)
NAME
asadmin-create-ssl, create-ssl - Creates the SSL element in the HTTP listener, IIOP listener, or IIOP service
SYNOPSIS
create-ssl --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename]
[--terse=false] [--echo=false] [--interactive=true] --type [http-listener|iiop-listener|iiop-service] --certname cert_name
[--ssl2enabled=false] [--ssl2ciphers ssl_2_ciphers] [--ssl3enabled=true] [--ssl3tlsciphers ssl3_tls_ciphers] [--tlsenabled=true]
[--tlsrollbackenabled=true] [--clientauthenabled=false] [listener_id]
DESCRIPTION
Creates the SSL element in the HTTP listener, IIOP listener, or IIOP service. The listener_id is not required if the --type option is
iiop-service.
This command is supported in remote mode only.
OPTIONS
--user authorized domain application server administrative username.
--password password to administer the domain application server.
--host machine name where the domain application server is running.
--port port number of the domain application server listening for administration requests.
--secure if true, uses SSL/TLS to communicate with the domain application server.
--passwordfile file containing the domain application server password.
--terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring
well-formatted data for consumption by a script. Default is false.
--echo setting to true will echo the command line statement on the standard output. Default is false.
--interactive if set to true (default), only the required password options are prompted.
--type type of service or listener that the SSL is created for. The type can be: http-listener, iiop-listener, and
iiop-service.
--certname nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name
format is tokenname:nickname. Including the tokenname: part in this attribute is optional.
--ssl2enabled determines whether SSL2 is enabled.
--ssl2ciphers a comma-separated list of the SSL2 ciphers used. Use the prefix + to enable or - to disable. Allowed values are:
rc4, rc4export, rc2, rc2export, idea, des, desede3. If no value is specified, all supported ciphers are assumed to
be enabled.
--ssl3enabled determines whether SSL3 is enabled.
--ssl3tlsciphers a comma-separated list of the SSL3 ciphers used. Use the prefix + to enable or - to disable. Allowed values are:
rsa_rc4_128_md5, rsa3des_sha, rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TLS values are:
rsa_des_56_sha, rsa_rc4_56_sha. If no value is specified, all supported ciphers are assumed to be enabled.
--tlsenabled determines whether TLS is enabled.
--tlsrollbackenabled determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and
5.5.
--clientauthenabled determines whether SSL3 client authentication is performed on every request independent of ACL-based access
control.
OPERANDS
listener_id the ID of the listener or service that the SSL is created for. This operand is not required if the --type option is
iiop-service.
EXAMPLES
Example 1: Using create-ssl
asadmin> create-ssl --user admin --password adminadmin
--host fuyako --port 7070 --type http-listener --certname sampleCert
--ssl2enabled=true --ssl2ciphers rc4,rc2,des --ssl3enabled=false
--ssl3tlsciphers rsa_rc4_128_md5,rsa3des_sha,rsa_des_sha,rsa_rc4_40_md5
--tlsenabled=false --tlsrollbackenabled=false --clientauthenabled=false http-listener-1
Created SSL in HTTP Listener
Where: SSL is created for http-listener-1.
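
The following is an added example, not part of the original manual page or the application server distribution: a shell function that checks a create-ssl argument list for settings that this page's options permit but that weaken the listener (password on the command line, SSL2 enabled, TLS disabled, no explicit cipher list, or null/export/56-bit ciphers enabled). The function name audit_create_ssl and the choice of which ciphers to report are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the asadmin distribution): lint the arguments of a
# create-ssl call. Prints one finding per line; returns 0 only if none are found.
# Booleans are expected in the --name=value form shown in the SYNOPSIS.
audit_create_ssl() (
    findings=0 prev= listed=no
    report() { echo "$1"; findings=$((findings + 1)); }
    for arg in "$@"; do
        case "$prev" in
            --ssl2ciphers|--ssl3tlsciphers)
                [ "$prev" = --ssl3tlsciphers ] && listed=yes
                for c in $(printf '%s' "$arg" | tr ',' ' '); do
                    case "$c" in -*) continue ;; esac   # "-" prefix disables
                    c=${c#+}
                    # Assumption of this example: report null, export/40-bit
                    # and 56-bit (single DES) ciphers only.
                    case "$c" in
                        *null*|*export|*_40_*|*_56_*|des|rsa_des_sha)
                            report "weak cipher enabled: $c" ;;
                    esac
                done ;;
        esac
        case "$arg" in
            --password|--password=*)
                report "password on command line: use --passwordfile" ;;
            --ssl2enabled=true)
                report "SSL2 enabled: set --ssl2enabled=false" ;;
            --tlsenabled=false)
                report "TLS disabled: set --tlsenabled=true" ;;
        esac
        prev=$arg
    done
    [ "$listed" = yes ] ||
        report "no --ssl3tlsciphers list: all supported ciphers are enabled"
    [ "$findings" -eq 0 ]
)

# The argument list of Example 1 on this page; host, certificate and listener
# names are the page's sample values.
audit_create_ssl --user admin --password adminadmin --host fuyako --port 7070 \
    --type http-listener --certname sampleCert \
    --ssl2enabled=true --ssl2ciphers rc4,rc2,des --ssl3enabled=false \
    --ssl3tlsciphers rsa_rc4_128_md5,rsa3des_sha,rsa_des_sha,rsa_rc4_40_md5 \
    --tlsenabled=false --tlsrollbackenabled=false --clientauthenabled=false \
    http-listener-1 || echo "review the findings above before running create-ssl"
```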
EXIT STATUS
0 command executed successfully
1 error in executing the command
SEE ALSO
asadmin-delete-ssl(1AS)
J2EE 1.4 SDK March 2004 asadmin-create-ssl(1AS)