SSL
Description
This MBean represents the configuration of the SSL protocol for version 6.x and version 7.0 WebLogic Server deployments.
Syntax
<SSL CertAuthenticator="String CertificateCacheSize="number Ciphersuites="list of Strings ClientCertificateEnforced=( "true" | "false" ) Enabled=( "true" | "false" ) ExportKeyLifespan="number HandlerEnabled=( "true" | "false" ) HostnameVerificationIgnored=( "true" | "false" ) HostnameVerifier="String IdentityAndTrustLocations=( "KeyStores" | "FilesOrKeyStoreProviders" ) KeyEncrypted=( "true" | "false" ) ListenPort="number LoginTimeoutMillis="number of milliseconds Name="String Notes="String SSLRejectionLoggingEnabled=( "true" | "false" ) ServerCertificateChainFileName="String ServerCertificateFileName="String ServerKeyFileName="String ServerPrivateKeyAlias="String ServerPrivateKeyPassPhrase="String TrustedCAFileName="String TwoWaySSLEnabled=( "true" | "false" ) Type="String UseJava=( "true" | "false" )
/>
Parent Elements
Attributes
| CertAuthenticator | The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. the weblogic.security.acl.CertAuthenticator class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client. | Admin Console field label: Cert AuthenticatorRequired: noSecure value: weblogic.security.acl.CertAuthenticator |
| CertificateCacheSize | The number of certificates held that have not been redeemed by tokens. | Admin Console field label: Certificate Cache SizeDefault: 3Minimum: 1Maximum: 231-1 |
| Ciphersuites |
Specifies the cipher suites being used on a particular WebLogic Server.The possible values are:
| Required: no |
| ClientCertificateEnforced | Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server. | Admin Console field label: Client Certificate EnforcedDefault: false |
| Enabled | Indicates whether the SSL port in the SSLMBean is enabled. If this is disabled then the plain-text (non-SSL) listen for this server must be enabled. Additional ports can be configured using | Admin Console field label: SSL Listen Port EnabledDefault: false |
| ExportKeyLifespan | Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key. | Admin Console field label: Export Key LifespanDefault: 500Minimum: 1Maximum: 231-1 |
| HandlerEnabled | Not used. Ignore. | Admin Console field label: Handler EnabledDefault: true |
| HostnameVerificationIgnored | Indicates whether the installed implementation of the weblogic.security.SSL.HostnameVerifier class is enabled. | Admin Console field label: Hostname Verification IgnoredDefault: false |
| HostnameVerifier | The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake. | Admin Console field label: Custom Hostname VerifierRequired: noSecure value: weblogic.security.SSL.HostnameVerifier |
| IdentityAndTrustLocations | Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server MBean).If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSLMBean's TrustedCAFileName, ServerCertificateFileName and ServerKeyFileName attributes. Domains created in WLS 8.1 or later default to KEYSTORES. Domains created before WLS 8.1 default to FILES_OR_KEYSTORE_PROVIDERS. | Admin Console field label: Identity and Trust LocationsRequired: no |
| KeyEncrypted |
This attribute is no longer used as of WLS 7.0. Specifies whether or not the private key for the WebLogic Server has been encrypted with a password.
| Admin Console field label: Key EncryptedDefault: falseSecure value: true |
| ListenPort | The TCP/IP port at which the WebLogic Server listens for SSL connection requests. | Admin Console field label: SSL Listen PortDefault: 7002Minimum: 1Maximum: 65535 |
| LoginTimeoutMillis | Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections. If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute. | Admin Console field label: SSL Login TimeoutUnits: millisecondsDefault: 25000Minimum: 1Maximum: 231-1 |
| Name | The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration. | Required: no |
| Notes | Optional information that you can include to describe this configuration. | Required: no |
| SSLRejectionLoggingEnabled | This setting controls whether logging is done when a connection over SSL is rejected. | Admin Console field label: SSLRejection Logging EnabledDefault: true |
| ServerCertificateChainFileName | Deprecated. This attribute is no longer used as of WLS 7.0. The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server. The .PEM file extension indicates that method that should be used to read the file. Note that the digital certificate for WebLogic Server should not be stored in this file. | Admin Console field label: Server Certificate Chain File NameRequired: noDefault: server-certchain.pem |
| ServerCertificateFileName | Deprecated. The full directory location and name of the digital certificate for WebLogic Server. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file. | Admin Console field label: Server Certificate File NameRequired: noDefault: server-cert.der |
| ServerKeyFileName | Deprecated. The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file. | Admin Console field label: Private Key File NameRequired: noDefault: server-key.der |
| ServerPrivateKeyAlias | The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate. | Admin Console field label: Private Key AliasRequired: no |
| ServerPrivateKeyPassPhrase | The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated. | Admin Console field label: PassphraseRequired: noEncrypted: yes |
| TrustedCAFileName | Deprecated. The name of the file containing the PEM-encoded trusted certificate authorities. | Admin Console field label: Trusted CA File NameRequired: noDefault: trusted-ca.pem |
| TwoWaySSLEnabled | Is two way SSL enabled? | Admin Console field label: Client Certificate Requested But Not EnforcedDefault: falseSecure value: "true" |
| Type | Returns the type of the MBean. | Required: no |
| UseJava | Enables the use of native Java libraries. WebLogic Server provides a pure-Java implementation of the SSL protocol. Native libraries enhance the performance for SSL operations on the Solaris, Windows NT, and IBM AIX platforms. | Admin Console field label: Use JavaDefault: true |
|
|
|