SSLMBean

Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

This MBean represents the configuration of the SSL protocol.

Fully Qualified Interface Name If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.management.configuration.SSLMBean
   
Factory Methods No factory methods. Instances of this MBean are created automatically.

Attributes

This section describes the following attributes:

 

AllowUnencryptedNullCipher

Test if the AllowUnEncryptedNullCipher is enabled

see setAllowUnencryptedNullCipher(boolean enable) for the NullCipher feature.

Available Since Release 10.3.0.0    
Privileges Read/Write    
Type boolean

 

CachingDisabled

Private property that disables caching in proxies.

   
Privileges Read only    
Type boolean
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

 

CertAuthenticator

The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class, which is deprecated in this release of WebLogic Server. This field is for Compatibility security only, and is only used when the Realm Adapter Authentication provider is configured.

The weblogic.security.acl.CertAuthenticator class maps the digital certificate of a client to a WebLogic Server user. The class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client.

   
Privileges Read/Write    
Type java.lang.String
Secure value weblogic.security.acl.CertAuthenticator

 

Ciphersuites

Indicates the cipher suites being used on a particular WebLogic Server.

The possible values are:

  • TLS_NULL_WITH_NULL_NULL

  • TLS_RSA_WITH_NULL_SHA

  • TLS_RSA_EXPORT_WITH_RC4_40_MD5

  • TLS_RSA_WITH_RC4_128_MD5

  • TLS_RSA_WITH_RC4_128_SHA

  • TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA

  • TLS_RSA_WITH_DES_CBC_SHA

  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

  • TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

  • TLS_DH_anon_WITH_RC4_128_MD5

  • TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA

  • TLS_DH_anon_WITH_DES_CBC_SHA

  • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

The default is TLS_RSA_EXPORT_WITH_RC4_40_MD5.

   
Privileges Read/Write    
Type class java.lang.String[]

 

ClientCertificateEnforced

Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

   
Privileges Read/Write    
Type boolean
Secure value true

 

Enabled

Indicates whether the server can be reached through the default SSL listen port.

If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.

   
Privileges Read/Write    
Type boolean
Secure value true

 

ExportKeyLifespan

Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

   
Privileges Read/Write    
Type int
Default Value 500
Minimum value 1
Maximum value 2147483647

 

HostnameVerificationIgnored

Whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).

   
Privileges Read/Write    
Type boolean

 

HostnameVerifier

The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.

This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.

   
Privileges Read/Write    
Type java.lang.String
Secure value weblogic.security.SSL.HostnameVerifier

 

IdentityAndTrustLocations

Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).

  • If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).

  • If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.

Domains created in WebLogic Server version 8.1 or later, default to KEYSTORES. Domains created before WebLogic Server version 8.1, default to FILES_OR_KEYSTORE_PROVIDERS.

   
Privileges Read/Write    
Type java.lang.String
Default Value KeyStores
Legal Values

  • KeyStores

  • FilesOrKeyStoreProviders

 

InboundCertificateValidation

Indicates the client certificate validation rules for inbound SSL.

This attribute only applies to ports and network channels using 2-way SSL.

Available Since Release 9.0.0.0    
Privileges Read/Write    
Type java.lang.String
Default Value BuiltinSSLValidationOnly
Legal Values

  • BuiltinSSLValidationOnly

  • BuiltinSSLValidationAndCertPathValidators

 

ListenPort

The TCP/IP port at which this server listens for SSL connection requests.

For more information, see:

   
Privileges Read/Write    
Type int
Default Value 7002
Minimum value 1
Maximum value 65535

 

LoginTimeoutMillis

Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency.

For more information, see:

   
Privileges Read/Write    
Type int
Default Value 25000
Minimum value 1
Maximum value 2147483647

 

MBeanInfo

Returns the MBean info for this MBean.

Deprecated.

   
Privileges Read only    
Type javax.management.MBeanInfo
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

 

Name of

The user-specified name of this MBean instance.

This name is included as one of the key properties in the MBean's javax.management.ObjectName:
Name of=user-specified-name

   
Privileges Read/Write    
Type java.lang.String

 

Notes

Optional information that you can include to describe this configuration.

WebLogic Sever saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the XML entity &lt;. Carriage returns/line feeds are preserved.

Note:

If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.

   
Privileges Read/Write    
Type java.lang.String

 

ObjectName

Returns the ObjectName under which this MBean is registered in the MBean server.

Deprecated.

   
Privileges Read only    
Type weblogic.management.WebLogicObjectName
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

 

OutboundCertificateValidation

Indicates the server certificate validation rules for outbound SSL.

This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.

Available Since Release 9.0.0.0    
Privileges Read/Write    
Type java.lang.String
Default Value BuiltinSSLValidationOnly
Legal Values

  • BuiltinSSLValidationOnly

  • BuiltinSSLValidationAndCertPathValidators

 

Parent

Return the immediate parent for this MBean

   
Privileges Read/Write    
Type

 

PeerValidationEnforced

Deprecated. 6.1.0.0 this is an unused attribute.

   
Privileges Read/Write    
Type int
Default Value 0

 

Registered

Returns false if the the MBean represented by this object has been unregistered.

Deprecated.

   
Privileges Read only    
Type boolean
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

 

ServerCertificateChainFileName

The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server.

The .pem file extension indicates that method that should be used to read the file. Note that as of WebLogic Server version 7.0, the digital certificate for WebLogic Server should not be stored in a file.

Deprecated. 7.0.0.0 server certificates (and chains) should be stored in keystores.

   
Privileges Read/Write    
Type java.lang.String
Default Value server-certchain.pem

 

ServerCertificateFileName

The full directory location of the digital certificate file (.der or .pem) for the server.

The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that stored digital certificates in files.

The file extension ( .der or .pem) tells WebLogic Server how to read the contents of the file.

Deprecated. 8.1.0.0 server certificates (and chains) should be stored in keystores.

   
Privileges Read/Write    
Type java.lang.String
Default Value server-cert.der

 

ServerKeyFileName

The full directory location of the private key file (.der or .pem) for the server.

The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store private keys in files. For a more secure deployment, BEA recommends saving private keys in keystores.

The file extension (.der or .pem) indicates the method that should be used to read the file.

Deprecated. 8.1.0.0 private keys should be stored in keystores.

   
Privileges Read/Write    
Type java.lang.String
Default Value server-key.der

 

ServerPrivateKeyAlias

The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.

   
Privileges Read/Write    
Type java.lang.String

 

ServerPrivateKeyPassPhrase

The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

   
Privileges Read/Write    
Type java.lang.String
Encrypted true

 

ServerPrivateKeyPassPhraseEncrypted

The encrypted passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

For more information, see:

   
Privileges Read/Write    
Type byte[]
Encrypted true

 

SSLRejectionLoggingEnabled

Indicates whether warning messages are logged in the server log when SSL connections are rejected.

Available Since Release 8.1.0.0    
Privileges Read/Write    
Type boolean
Default Value true

 

TrustedCAFileName

The full directory location of the file that specifies the certificate authorities trusted by the server.

The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store trusted certificate authorities in files.

The file specified in this attribute can contain a single digital certificate or multiple digital certificates. The file extension ( .der or .pem) tells WebLogic Server how to read the contents of the file.

Deprecated. 8.1.0.0 trusted CAs should be stored in keystores.

   
Privileges Read/Write    
Type java.lang.String
Default Value trusted-ca.pem

 

TwoWaySSLEnabled

The form of SSL that should be used.

By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.

   
Privileges Read/Write    
Type boolean
Secure value true

 

Type

Returns the type of the MBean.

   
Privileges Read only    
Type java.lang.String
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

 

UseServerCerts

Sets whether the client should use the server certificates/key as the client identity when initiating a connection over https.

   
Privileges Read/Write    
Type boolean

Operations

This section describes the following operations:

 

freezeCurrentValue

If the specified attribute has not been set explicitly, and if the attribute has a default value, this operation forces the MBean to persist the default value.

Unless you use this operation, the default value is not saved and is subject to change if you update to a newer release of WebLogic Server. Invoking this operation isolates this MBean from the effects of such changes.

Note:

To insure that you are freezing the default value, invoke the restoreDefaultValue operation before you invoke this.

This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute for which some other value has been set.

Deprecated. 9.0.0.0

Operation Name "freezeCurrentValue"    
Parameters Object [] {  attributeName }

where:

  • attributeName is an object of type java.lang.String that specifies:

    attributeName

Signature String [] { "java.lang.String" }
Returns void
Exceptions

  • javax.management.AttributeNotFoundException

  • javax.management.MBeanException

 

isSet

Returns true if the specified attribute has been set explicitly in this MBean instance.

Operation Name "isSet"    
Parameters Object [] {  propertyName }

where:

  • propertyName is an object of type java.lang.String that specifies:

    property to check

Signature String [] { "java.lang.String" }
Returns boolean

 

restoreDefaultValue

If the specified attribute has a default value, this operation removes any value that has been set explicitly and causes the attribute to use the default value.

Default values are subject to change if you update to a newer release of WebLogic Server. To prevent the value from changing if you update to a newer release, invoke the freezeCurrentValue operation.

This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute that is already using the default.

Deprecated. 9.0.0.0

Operation Name "restoreDefaultValue"    
Parameters Object [] {  attributeName }

where:

  • attributeName is an object of type java.lang.String that specifies:

    attributeName

Signature String [] { "java.lang.String" }
Returns void
Exceptions

  • javax.management.AttributeNotFoundException

 

unSet

Restore the given property to its default value.

Operation Name "unSet"    
Parameters Object [] {  propertyName }

where:

  • propertyName is an object of type java.lang.String that specifies:

    property to restore

Signature String [] { "java.lang.String" }
Returns void