Administration Console Online Help


 


Server --> Connections --> SSL


Overview

The Secure Sockets Layer (SSL) protocol provides secure connections by allowing two applications connecting over a network to authenticate each other's identity and by encrypting the data exchanged between the applications. The SSL protocol provides server authentication and, optionally, client authentication. Use this tab to configure the SSL protocol for your WebLogic Server deployment.

Tasks

Configuring the SSL Protocol

Additional Documentation

(Requires an Internet connection.)

Introduction to WebLogic Security

Managing WebLogic Security

Programming WebLogic Security

Developing Security Providers for WebLogic Server

Securing a WebLogic Server Deployment

Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0

Security FAQ

The Security page in the WebLogic Server documentation

Attributes

Attribute Label

Description

Value Constraints

Server Private Key Alias

The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate and is usually stored by the server hostname.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ServerPrivateKeyAlias

Default: null

Configurable: yes

Readable: yes

Writable: yes

Server Private Key Passphrase

The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ServerPrivateKeyPassPhrase

Default: null

Configurable: yes

Encrypted: yes

Readable: yes

Writable: yes

Server Certificate File Name

The full directory location and name of the digital certificate for WebLogic Server. The file extension (.DER or .PEM) tells WebLogic Server how to read the contents of the file. If the server certificate contains a chain with more than two certificates, the entire chain in PEM format should be stored in this file.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ServerCertificateFileName

Default: "server-cert.der"

Configurable: yes

Readable: yes

Writable: yes

Client Certificate Enforced

Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ClientCertificateEnforced

Default: false

Readable: yes

Writable: yes

Client Certificate Requested But Not Enforced

Specifies that the server will request a certificate from the client. However, the SSL connection will continue even if the client does not present a certificate.

MBean: weblogic.management.configuration.SSLMBean

Attribute: TwoWaySSLEnabled

Default: "false"

Readable: yes

Writable: yes

Export Key Lifespan

Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ExportKeyLifespan

Minimum: 1

Maximum: 2147483647

Default: 500

Configurable: yes

Readable: yes

Writable: yes

SSL Login Timeout

Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.

MBean: weblogic.management.configuration.SSLMBean

Attribute: LoginTimeoutMillis

Units: milliseconds

Minimum: 1

Maximum: 2147483647

Default: 25000

Configurable: yes

Dynamic: yes

Readable: yes

Writable: yes

Hostname Verification Ignored

Disables the installed implementation of the weblogic.security.SSL.HostnameVerifier class when WebLogic Server is acting as a client to another application server.

MBean: weblogic.management.configuration.SSLMBean

Attribute: HostnameVerificationIgnored

Default: false

Readable: yes

Writable: yes

Hostname Verifier

The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.

MBean: weblogic.management.configuration.SSLMBean

Attribute: HostnameVerifier

Default: null

Configurable: yes

Readable: yes

Writable: yes

Server Key File Name

The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file.

MBean: weblogic.management.configuration.SSLMBean

Attribute: ServerKeyFileName

Default: "server-key.der"

Configurable: yes

Readable: yes

Writable: yes

Trusted CA File Name

The name of the file containing the PEM-encoded trusted certificate authorities.

MBean: weblogic.management.configuration.SSLMBean

Attribute: TrustedCAFileName

Default: "trusted-ca.pem"

Configurable: yes

Readable: yes

Writable: yes

Cert Authenticator

The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. The weblogic.security.acl.CertAuthenticator class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client.

MBean: weblogic.management.configuration.SSLMBean

Attribute: CertAuthenticator

Default: null

Configurable: yes

Readable: yes

Writable: yes
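
The following is an added example, not part of the original help page and not WebLogic code: a Python check that reads SSLMBean attribute values and reports settings that the table above documents as out of range or as relaxing authentication. The XML layout of the sample (an SSL element under Server carrying the attributes) and the function name audit_ssl are assumptions.

```python
import xml.etree.ElementTree as ET

# Defaults and ranges copied from the attribute table above.
DEFAULTS = {
    "ClientCertificateEnforced": "false", "TwoWaySSLEnabled": "false",
    "HostnameVerificationIgnored": "false", "ExportKeyLifespan": "500",
    "LoginTimeoutMillis": "25000", "ServerCertificateFileName": "server-cert.der",
}
RANGES = {"ExportKeyLifespan": (1, 2147483647), "LoginTimeoutMillis": (1, 2147483647)}

# Constructed sample; the <Server>/<SSL> element layout is an assumption.
SAMPLE = """<Server Name="example">
  <SSL HostnameVerificationIgnored="true" TwoWaySSLEnabled="true"
       ExportKeyLifespan="0" LoginTimeoutMillis="0"
       ServerCertificateFileName="certs/server-cert.p12"/>
</Server>"""


def audit_ssl(xml_text):
    """Return sorted (attribute, message) findings for the first SSL element."""
    root = ET.fromstring(xml_text)
    ssl = root if root.tag == "SSL" else root.find(".//SSL")
    if ssl is None:
        return [("SSL", "no SSL element found")]
    cfg = {**DEFAULTS, **ssl.attrib}  # unset attributes fall back to defaults
    on = {k: v.strip().lower() == "true" for k, v in cfg.items()}
    findings = []
    if on["HostnameVerificationIgnored"]:
        findings.append(("HostnameVerificationIgnored", "hostname verifier disabled for outbound SSL"))
    if on["TwoWaySSLEnabled"] and not on["ClientCertificateEnforced"]:
        findings.append(("TwoWaySSLEnabled", "client certificate requested but not enforced"))
    for name, (lo, hi) in RANGES.items():
        try:
            value = int(cfg[name])
        except ValueError:
            findings.append((name, "not an integer"))
            continue
        if name == "LoginTimeoutMillis" and value == 0:
            findings.append((name, "0 disables the SSL login timeout"))
        elif not lo <= value <= hi:
            findings.append((name, f"outside {lo}..{hi}"))
    if not cfg["ServerCertificateFileName"].lower().endswith((".der", ".pem")):
        findings.append(("ServerCertificateFileName", "extension is not .DER or .PEM"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit_ssl(SAMPLE), sep="\n")
```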



 
