ssl glassfish asadmin

Need Assistance Configuring GlassFish With asadmin


Due to project limitations, I need to configure my GlassFish installation using asadmin within a shell script (Linux). I have all of my parameters configured, except one. The section I need to configure is the "network listener" section. Here is what the section of the default domain.xml file looks like:

<network-config>
    <protocols>
        <protocol name="http-listener-1">
            <http default-virtual-server="server" max-connections="250" server-name="">
                <file-cache enabled="false"></file-cache>
            </http>
        </protocol>
        <protocol security-enabled="true" name="http-listener-2">
            <http default-virtual-server="server" max-connections="250" server-name="">
                <file-cache enabled="false"></file-cache>
            </http>
            <ssl ssl3-enabled="false" cert-nickname="s1as"></ssl>
        </protocol>
        <protocol name="admin-listener">
            <http default-virtual-server="__asadmin" max-connections="250" server-name="">
                <file-cache enabled="false"></file-cache>
            </http>
        </protocol>
    </protocols>
</network-config>

For the "http-listener-2" section, I need to make changes to the "ssl" section. I have looked many places but cannot find the correct asadmin command to make these changes. What my ssl section needs to look like is this:

<ssl key-store="config/xxxxxServer.jks" trust-store="config/xxxxxTrustStore.jks" cert-nickname="xxxxxServer" />

As I have said, I have looked for a couple of days now, and I cannot find the correct command line commands to use with asadmin to set these parameters. I thought "asadmin create-ssl" would be what I needed, but, unfortunately, it was not. In looking at the web interface for GlassFish, I see the parameters I need to set. This tells me that I should be able to configure it via asadmin. Any assistance in helping me with this would be greatly appreciated.

Thanks for reading, and have a great day.


Solution

  • The quick answer: use asadmin get and set.

    Here is a bit of output from commands to make it clearer... I hope.

    Let's take a look at the output from get...

    $ ~/GlassFish_Server/bin/asadmin get 'configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.*'
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.allow-lazy-init=true
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.cert-nickname=s1as
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.classname=com.sun.enterprise.security.ssl.GlassfishSSLImpl
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.client-auth=
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.client-auth-enabled=false
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.key-store-password-provider=plain
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.ssl-inactivity-timeout=30
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.ssl2-enabled=false
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.ssl3-enabled=false
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls-enabled=true
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls-rollback-enabled=true
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.trust-max-cert-length=5
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.trust-store-password-provider=plain
    Command get executed successfully.
    

    Now, use set to alter the value of one of the other properties...

    $ ~/GlassFish_Server/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.key-store=config/xxxxxServer.jks
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.key-store=config/xxxxxServer.jks
    Command set executed successfully.
    

    Use get to verify that the value 'took'...

    $ ~/GlassFish_Server/bin/asadmin get configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.key-store
    configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.key-store=config/xxxxxServer.jks
    Command get executed successfully.
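
The get/set/verify sequence shown in the answer, wrapped for use in a shell script. This is an added example, not part of the original answer: the function names are hypothetical, the trust-store dotted name is assumed to follow the same pattern as key-store, and the SSLv2/SSLv3 check is an extra step.

```shell
#!/bin/sh
# Added example: script the listener's ssl attributes with asadmin set, verify with get.
ASADMIN="${ASADMIN:-$HOME/GlassFish_Server/bin/asadmin}"   # install path used in the answer
SSL_PREFIX='configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl'

# Print the current value of one ssl attribute (empty if unset).
get_ssl_attr() {
    "$ASADMIN" get "$SSL_PREFIX.$1" |
        awk -v k="$SSL_PREFIX.$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2) }'
}

# Set one ssl attribute, then read it back so a silent failure stops the script.
set_ssl_attr() {
    "$ASADMIN" set "$SSL_PREFIX.$1=$2" >/dev/null || return 1
    [ "$(get_ssl_attr "$1")" = "$2" ] && return 0
    echo "ssl.$1 did not take the value '$2'" >&2
    return 1
}

# $1 = key store path, $2 = trust store path, $3 = certificate alias.
# Assumption: trust-store uses the same dotted-name pattern as key-store.
apply_listener_ssl() {
    set_ssl_attr key-store "$1" &&
    set_ssl_attr trust-store "$2" &&
    set_ssl_attr cert-nickname "$3"
}

# Extra check (not in the answer): SSLv2 and SSLv3 must still be disabled.
legacy_protocols_off() {
    [ "$(get_ssl_attr ssl2-enabled)" = "false" ] &&
    [ "$(get_ssl_attr ssl3-enabled)" = "false" ]
}

# Example: ./listener-ssl.sh config/xxxxxServer.jks config/xxxxxTrustStore.jks xxxxxServer
if [ "$#" -eq 3 ]; then
    apply_listener_ssl "$@" && legacy_protocols_off || exit 1
fi
```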