Attribute Label
|
Description
|
Value Constraints
|
Server Private Key Alias
|
The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate and is usually stored by the server hostname.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ServerPrivateKeyAlias
|
Default: null
Configurable: yes
Readable: yes
Writable: yes
|
Server Private Key Passphrase
|
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ServerPrivateKeyPassPhrase
|
Default: null
Configurable: yes
Encrypted: yes
Readable: yes
Writable: yes
|
Server Certificate File Name
|
The full directory location and name of the digital certificate for WebLogic Server. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file. If the server certificate contains a chain with more than two certificates, the entire chain in PEM format should be stored in this file.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ServerCertificateFileName
|
Default: "server-cert.der"
Configurable: yes
Readable: yes
Writable: yes
|
Client Certificate Enforced
|
Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ClientCertificateEnforced
|
Default: false
Readable: yes
Writable: yes
|
Client Certificate Requested But Not Enforced
|
Specifies that the server will request a certificate from the client. However, the SSL connection will continue even if the client does not present a certificate.
MBean: weblogic.management. configuration.SSLMBean
Attribute: TwoWaySSLEnabled
|
Default: "false"
Readable: yes
Writable: yes
|
Export Key Lifespan
|
Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ExportKeyLifespan
|
Minimum: 1
Maximum: 2147483647
Default: 500
Configurable: yes
Readable: yes
Writable: yes
|
SSL Login Timeout
|
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.
If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.
MBean: weblogic.management. configuration.SSLMBean
Attribute: LoginTimeoutMillis
|
Units: milliseconds
Minimum: 1
Maximum: 2147483647
Default: 25000
Configurable: yes
Dynamic: yes
Readable: yes
Writable: yes
|
Hostname Verification Ignored
|
Disables the installed implementation of the weblogic.security.SSL.HostnameVerifierclass when WebLogic Server is acting as a client to another application server.
MBean: weblogic.management. configuration.SSLMBean
Attribute: HostnameVerificationIgnored
|
Default: false
Readable: yes
Writable: yes
|
Hostname Verifier
|
The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify()method that WebLogic Server calls on the client during the SSL handshake.
MBean: weblogic.management. configuration.SSLMBean
Attribute: HostnameVerifier
|
Default: null
Configurable: yes
Readable: yes
Writable: yes
|
Server Key File Name
|
The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file.
MBean: weblogic.management. configuration.SSLMBean
Attribute: ServerKeyFileName
|
Default: "server-key.der"
Configurable: yes
Readable: yes
Writable: yes
|
Trusted CA File Name
|
The name of the file containing the PEM-encoded trusted certificate authorities.
MBean: weblogic.management. configuration.SSLMBean
Attribute: TrustedCAFileName
|
Default: "trusted-ca.pem"
Configurable: yes
Readable: yes
Writable: yes
|
Cert Authenticator
|
The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. The weblogic.security.acl.CertAuthenticator class has an authenticate()method that WebLogic Server calls after validating the digital certificate presented by the client.
MBean: weblogic.management. configuration.SSLMBean
Attribute: CertAuthenticator
|
Default: null
Configurable: yes
Readable: yes
Writable: yes
|