BEA WebLogic Server Release 6.1

BEA WebLogic Server Frequently Asked Questions

 

FAQs: Security

 


How can I update my demonstration digital certificates and trusted CAs?

When the demonstration certificates expire, or when you want to go into production, BEA recommends purchasing your own certificates and trusted CAs from a reputable vendor such as Verisign or Entrust. To purchase your own certificates, you can generate a certificate signature request (CSR) using the Certificate Request servlet described in Managing Security. Once you have the new certificates and trusted CAs, delete the files for the demonstration digital certificates and trusted CA and replace them with the new ones. You must also reset the SSL attributes in the Administration Console.


Why does the servlet return "no certificate"?

You may receive this message when you try to use the certificate capture facility to provide two-way authentication. To troubleshoot, please check the following:

  1. Does the Web browser you are using have a digital certificate?

  2. Have you configured WebLogic Server to require client authentication by checking the Client Certificate Enforced option on the SSL tab in the Server Configuration window of the Administration Console?

  3. Have you installed digital certificates in the \wlserver6.0\config\mydomain directory?

  4. Have you configured a port for SSL communication as described in Configuring the SSL Protocol?

  5. Are you using HTTPS rather than HTTP?


Does WebLogic support Diffie-Hellman or DSS/DSA digital certificates?

No. The exportable version of WebLogic supports only 512-bit RSA with 40-bit RC4. Additionally, browsers do not support these types of certificates, and there are no commercial issuers for DSA certificates.


Can the server have one RSA and one non-RSA certificate?

No.


Must we pay RSA licensing costs for non-RSA client code?

WebLogic has licensed RSA for SSL between WebLogic Servers and clients. With WebLogic, no extra licensing for RSA is necessary, although different rules apply to VARs.


How do I use Netscape security certificates with WebLogic Server?

Netscape stores the private and public keys together in a key-pair file, which prevents you from separating the public and private keys. In config.xml, the ServerKeyFileName attribute refers only to the private key file. Therefore, you must generate another certificate request without using the Netscape utilities. You can use the Certificate Request servlet to generate a request for a new certificate. Using WebLogic SSL shows how to use the servlet.


How do I restrict access to servlets and JSPs?

The Java Servlet API Specification v2.2 allows you to declaratively restrict access to specific Servlets and JSPs using the Web Application Deployment descriptor. Section 13.3.2 of the specification has an example deployment descriptor that uses declarative security. For more information, see Programming WebLogic HTTP Servlets.


Can I use RSA encryption algorithms and javax.crypto.* API to build applications?

No. WebLogic's RSA license does not permit end-users to use RSA classes directly. You must obtain your own license for the encryption libraries from RSA.


Can I use a JNDI Initial Context to pass the security credentials of a WebLogic Server user?

Yes, but not in releases that come after 6.1. In releases that come after 6.1, you must use the Java Authentication and Authorization Service (JAAS) rather than JNDI to associate a User with a security context. For more information, see Programming WebLogic Security.