It is very simple ;).
All it does is tries to create an https connection (using Java class: HttpsURLConnection) to the server, when it is configured to be secure.
The terminology in this entire area is of essence and hence you may
want to read the SSL documentation, but it is as follows, in a nutshell:
- asadmin is a client. The domain is the server. The domain has its
"admin-listener" configured for SSL or not. This question (you have
asked) is applicable only when security-enabled on admin-listener
is "true" => SSL communication.
- According to the SSL protocol, a handshake happens and server sends its
"digital certificate" identifying itself. In the "default" case, server
is configured with a self-signed certificate (that is there in
its own keystore and truststore by the virtue of create-domain).
- When this certificate (usually nicknamed "s1as") is received by
asadmin it checks it it already trusts it. That happens by checking
for its existence (or that of its parent in a cert chain) in
its own "truststore" named .asadmintruststore in asadmin user's home
folder. This is the part not many people know of ;).
- If the cert happens to be there, the communication happens normally.
If it is not there, asadmin should (and does) prompt you if you
trust the server by showing the signature of the cert it sends.
If you accept it (by pressing yes/y), the certificate is then
added to ~/.asadmintruststore (for future reference) and then
the communication commences.
- Your admin password is secure (not put on wire using base64 auth)
till the handshake succeeds. That's why to be secure, you need to
do admin-listener/security-enabled=true on the server.
- After that, it's pretty straightforward and resembles the plaintext
connection.
Hope this is clear. Maybe I should blog about it.
Regards,
Kedar
[Message sent by forum member 'km' (kedar.mhaswade_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=368089