BEA Systems, Inc.

WebLogic Server 6.1 API Reference

weblogic.management.configuration
Interface SSLMBean


public interface SSLMBean
extends ConfigurationMBean

This bean represents the configuration of SSL for clients.

Author:
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.

Method Summary
 java.lang.String getCertAuthenticator()
          The class name of the certificate authenticator used to map a client certificate to a WebLogic Server user.
 int getCertificateCacheSize()
          The number of certificates held that have not been redeemed by tokens.
 java.lang.String[] getCiphersuites()
          String list of possible values: SSL_NULL_WITH_NULL_NULL, SSL_RSA_WITH_NULL_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA. If not specified, the default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.
 int getExportKeyLifespan()
          Returns the lifespan of SSL server encryption key in ???
 java.lang.String getHostnameVerifier()
          The class name of the hostname verifier, which checks on an SSL client that the hostname from the URL is an acceptable match for the common name entry in the server certificate's distinguished name.
 int getListenPort()
          TCP port at which the WebLogic Server listens for SSL connection requests.
 int getLoginTimeoutMillis()
          Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out.
 int getPeerValidationEnforced()
          Deprecated. As of WLS 6.1, this is an unused attribute
 java.lang.String getServerCertificateChainFileName()
          Name of the file containing the server's ordered, PEM-encoded certificate chain.
 java.lang.String getServerCertificateFileName()
          File containing SSL server certificate.
 java.lang.String getServerKeyFileName()
          File containing SSL server encryption key.
 java.lang.String getTrustedCAFileName()
          Returns the name of the file containing the PEM-encoded trusted CAs.
 boolean isClientCertificateEnforced()
          If true, all clients must present certificates from the configured SSLTrustedCAFileName.
 boolean isEnabled()
          Whether or not SSL usage is enabled for the server.
 boolean isHandlerEnabled()
          Enables server-to-server SSL connections.
 boolean isHostnameVerificationIgnored()
          If true, SSL hostname verification is turned off.
 boolean isKeyEncrypted()
          If true, the key is PKCS8 encrypted and requires a passphrase to be supplied to use the key.
 boolean isTwoWaySSLEnabled()
          Specifies whether Two Way SSL is optional.
 boolean isUseJava()
          Turn off native acceleration altogether and use pure Java SSL.
 void setCertAuthenticator(java.lang.String classname)
           
 void setCertificateCacheSize(int size)
          Set the number of certificates held that have not been redeemed by tokens.
 void setCiphersuites(java.lang.String[] ciphers)
           
 void setClientCertificateEnforced(boolean enforce)
          Set whether or not the SSL client certificate is enforced.
 void setEnabled(boolean enable)
           
 void setExportKeyLifespan(int lifespan)
          Set the lifespan of the SSL server encryption key.
 void setHandlerEnabled(boolean enable)
          Set whether or not to enable server-to-server SSL connections.
 void setHostnameVerificationIgnored(boolean ignoreFlag)
           
 void setHostnameVerifier(java.lang.String classname)
           
 void setKeyEncrypted(boolean keyIsEncrypted)
           
 void setListenPort(int port)
          Set the TCP port at which the WebLogic Server listens for SSL connection requests.
 void setLoginTimeoutMillis(int millis)
          Sets the number of milliseconds that WebLogic Server waits for an SSL connection before timing out.
 void setMDAcceleration(java.lang.String accel)
           
 void setPeerValidationEnforced(int checkLevel)
           
 void setRC4Acceleration(java.lang.String accel)
           
 void setRSAAcceleration(java.lang.String accel)
           
 void setServerCertificateChainFileName(java.lang.String fileName)
          Set the list of file names that contain server certificate authorities.
 void setServerCertificateFileName(java.lang.String fileName)
           
 void setServerKeyFileName(java.lang.String fileName)
          Set the file containing the SSL server encryption key.
 void setTrustedCAFileName(java.lang.String fileName)
          Sets the name of the file containing the SSL certificate authority for clients.
 void setTwoWaySSLEnabled(boolean enable)
          Set whether or not the Two Way SSL is enabled.
 void setUseJava(boolean usejava)
           
 
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean
getNotes, setNotes, setPersistenceEnabled
 
Methods inherited from interface weblogic.management.WebLogicMBean
getMBeanInfo, getName, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setName, setParent
 
Methods inherited from interface javax.management.DynamicMBean
getAttribute, getAttributes, invoke, setAttribute, setAttributes
 
Methods inherited from interface javax.management.MBeanRegistration
postDeregister, postRegister, preDeregister, preRegister
 
Methods inherited from interface javax.management.NotificationBroadcaster
addNotificationListener, getNotificationInfo, removeNotificationListener
 

Method Detail

isUseJava

public boolean isUseJava()
Turn off native acceleration altogether and use pure Java SSL.

A configurable MBean attribute
Default Value: true
Old Property: weblogic.system.SSL.useJava

setUseJava

public void setUseJava(boolean usejava)


setMDAcceleration

public void setMDAcceleration(java.lang.String accel)
                       throws javax.management.InvalidAttributeValueException


setRC4Acceleration

public void setRC4Acceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException


setRSAAcceleration

public void setRSAAcceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException


isEnabled

public boolean isEnabled()
Whether or not SSL usage is enabled for the server.

Default Value: false
Old Property: weblogic.security.ssl.enable

setEnabled

public void setEnabled(boolean enable)
                throws javax.management.InvalidAttributeValueException


getCiphersuites

public java.lang.String[] getCiphersuites()
String list of possible values:

    SSL_NULL_WITH_NULL_NULL
    SSL_RSA_WITH_NULL_SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_WITH_RC4_128_MD5
    SSL_RSA_WITH_RC4_128_SHA
    SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
    SSL_RSA_WITH_DES_CBC_SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    SSL_DH_anon_WITH_RC4_128_MD5
    SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
    SSL_DH_anon_WITH_DES_CBC_SHA
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

If not specified, the default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.


setCiphersuites

public void setCiphersuites(java.lang.String[] ciphers)
                     throws javax.management.InvalidAttributeValueException


getCertAuthenticator

public java.lang.String getCertAuthenticator()
The class name of the certificate authenticator. The weblogic.security.acl.CertAuthenticator interface provides a way to map a client certificate to a WebLogic Server user. The interface defines an authenticate() method that WebLogic Server calls after evaluating a certificate presented by a client.

Default Value: null
Old Property: weblogic.security.realm.certAuthenticator

setCertAuthenticator

public void setCertAuthenticator(java.lang.String classname)
                          throws javax.management.InvalidAttributeValueException


getHostnameVerifier

public java.lang.String getHostnameVerifier()
The class name of the hostname verifier. On an SSL client, the verifier checks that the hostname from the URL is an acceptable match for the common name entry in the server certificate's distinguished name, which prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier interface provides a way to verify the URL hostname against the certificate Subject. The interface defines a verify() method that WebLogic Server calls during the SSL handshake, on the client.

Default Value: null
Old Property: weblogic.security.SSL.hostnameVerifier

setHostnameVerifier

public void setHostnameVerifier(java.lang.String classname)
                         throws javax.management.InvalidAttributeValueException


isHostnameVerificationIgnored

public boolean isHostnameVerificationIgnored()
If true, SSL hostname verification is turned off, which leaves the SSL client library open to man-in-the-middle attacks.

Default Value: false
Old Property: weblogic.security.SSL.ignoreHostnameVerification

setHostnameVerificationIgnored

public void setHostnameVerificationIgnored(boolean ignoreFlag)
                                    throws javax.management.InvalidAttributeValueException


getTrustedCAFileName

public java.lang.String getTrustedCAFileName()
Returns the name of the file containing the PEM-encoded trusted CAs.

A configurable MBean attribute
Default Value: "trusted-ca.pem"
Old Property: weblogic.security.clientRootCA

setTrustedCAFileName

public void setTrustedCAFileName(java.lang.String fileName)
                          throws javax.management.InvalidAttributeValueException
Sets the name of the file containing the SSL certificate authority for clients.


getPeerValidationEnforced

public int getPeerValidationEnforced()
Deprecated. As of WLS 6.1, this is an unused attribute

A non-configurable MBean attribute.
Default Value: 0

setPeerValidationEnforced

public void setPeerValidationEnforced(int checkLevel)
                               throws javax.management.InvalidAttributeValueException


isKeyEncrypted

public boolean isKeyEncrypted()
If true, the key is PKCS8 encrypted and requires a passphrase to be supplied to use the key. If false, the key is an unencrypted private key and may be used without providing a passphrase.

A configurable MBean attribute
Default Value: false

setKeyEncrypted

public void setKeyEncrypted(boolean keyIsEncrypted)
                     throws javax.management.InvalidAttributeValueException
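
An added example, not part of the BEA reference: one way to audit the attributes documented above (getCiphersuites, isHostnameVerificationIgnored, isKeyEncrypted) for weak settings, using only the suite names and defaults listed on this page. The nested SslSettings interface is a hypothetical stand-in for those three SSLMBean getters so the code compiles without WebLogic on the classpath, and treating a null or empty suite array as "not specified" is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class SslConfigAudit {
    // Hypothetical stand-in for three SSLMBean getters, so this compiles without WebLogic.
    interface SslSettings {
        String[] getCiphersuites();
        boolean isHostnameVerificationIgnored();
        boolean isKeyEncrypted();
    }
    // Default documented on this page when no cipher suites are specified.
    static final String DEFAULT_SUITE = "SSL_RSA_EXPORT_WITH_RC4_40_MD5";

    // Returns why a suite name is weak, or null if none of the checks below match.
    static String weakness(String suite) {
        if (suite.contains("_WITH_NULL_")) return "no encryption";
        if (suite.contains("_anon_")) return "anonymous key exchange, peer not authenticated";
        if (suite.contains("_EXPORT_")) return "40-bit export-grade cipher";
        if (suite.contains("_WITH_DES_CBC_")) return "56-bit single DES";
        if (suite.contains("_RC4_")) return "RC4, prohibited in TLS by RFC 7465";
        return null;
    }

    static List<String> audit(SslSettings ssl) {
        List<String> findings = new ArrayList<>();
        String[] suites = ssl.getCiphersuites();
        // Assumption: null or empty means "not specified", so the documented default applies.
        if (suites == null || suites.length == 0) suites = new String[] { DEFAULT_SUITE };
        for (String s : suites) {
            String why = weakness(s);
            if (why != null) findings.add("ciphersuite " + s + ": " + why);
        }
        if (ssl.isHostnameVerificationIgnored())
            findings.add("HostnameVerificationIgnored=true: SSL client open to man-in-the-middle");
        if (!ssl.isKeyEncrypted())
            findings.add("KeyEncrypted=false: server key usable without a passphrase");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: no suites set, other attributes at the defaults listed on this page.
        SslSettings sample = new SslSettings() {
            public String[] getCiphersuites() { return null; }
            public boolean isHostnameVerificationIgnored() { return false; }
            public boolean isKeyEncrypted() { return false; }
        };
        for (String finding : audit(sample)) System.out.println(finding);
    }
}
```

With the constructed sample, the audit reports the export-grade default suite and the unencrypted key; of the thirteen suite names on this page, only SSL_RSA_WITH_3DES_EDE_CBC_SHA passes every check.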


getExportKeyLifespan

public int getExportKeyLifespan()
Returns the lifespan of SSL server encryption key in ???

Default Value: 500
Old Property: weblogic.security.key.export.lifespan

setExportKeyLifespan

public void setExportKeyLifespan(int lifespan)
                          throws javax.management.InvalidAttributeValueException
Set the lifespan of the SSL server encryption key.

Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

isClientCertificateEnforced

public boolean isClientCertificateEnforced()
If true, all clients must present certificates from the configured SSLTrustedCAFileName.

A configurable MBean attribute
Default Value: false
Old Property: weblogic.security.enforceClientCert

setClientCertificateEnforced

public void setClientCertificateEnforced(boolean enforce)
Set whether or not the SSL client certificate is enforced.


getServerCertificateFileName

public java.lang.String getServerCertificateFileName()
File containing SSL server certificate.

A configurable MBean attribute
Default Value: "server-cert.der"
Old Property: weblogic.security.certificate.server

setServerCertificateFileName

public void setServerCertificateFileName(java.lang.String fileName)


getListenPort

public int getListenPort()
TCP port at which the WebLogic Server listens for SSL connection requests.

A configurable MBean attribute
Default Value: 7002
Old Property: weblogic.system.SSLListenPort

setListenPort

public void setListenPort(int port)
Set the TCP port at which the WebLogic Server listens for SSL connection requests.

Legal Minimum Value: 1
Legal Maximum Value: 65535

getServerCertificateChainFileName

public java.lang.String getServerCertificateChainFileName()
Name of the file containing the server's ordered, PEM-encoded certificate chain. The chain should not include the server's certificate, which is stored in the file pointed to by SSLServerCertificateFileName.

A configurable MBean attribute
Default Value: "server-certchain.pem"

setServerCertificateChainFileName

public void setServerCertificateChainFileName(java.lang.String fileName)
Set the list of file names that contain server certificate authorities. This method returns an immutable list of file names.


getCertificateCacheSize

public int getCertificateCacheSize()
The number of certificates held that have not been redeemed by tokens.

A configurable MBean attribute
Default Value: 3
Old Property: weblogic.security.certificateCacheSize

setCertificateCacheSize

public void setCertificateCacheSize(int size)
Set the number of certificates held that have not been redeemed by tokens.

Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

isHandlerEnabled

public boolean isHandlerEnabled()
Enables server-to-server SSL connections. Disable this to override automatic SSL between servers.

A configurable MBean attribute
Default Value: true
Old Property: weblogic.security.SSLHandler.enable

setHandlerEnabled

public void setHandlerEnabled(boolean enable)
Set whether or not to enable server-to-server SSL connections.


getLoginTimeoutMillis

public int getLoginTimeoutMillis()
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.

A configurable MBean attribute
Default Value: 25000
Old Property: weblogic.login.readTimeoutMillisSSL
See Also:
ServerMBean.getLoginTimeoutMillis(), weblogic.management.configuration.NetworkChannelMBean#getLoginTimeoutMillisSSL

setLoginTimeoutMillis

public void setLoginTimeoutMillis(int millis)
Sets the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.

Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE
See Also:
ServerMBean.getLoginTimeoutMillis(), weblogic.management.configuration.NetworkChannelMBean#getLoginTimeoutMillisSSL

getServerKeyFileName

public java.lang.String getServerKeyFileName()
File containing SSL server encryption key.

A configurable MBean attribute
Default Value: "server-key.der"
Old Property: weblogic.security.key.server

setServerKeyFileName

public void setServerKeyFileName(java.lang.String fileName)
Set the file containing the SSL server encryption key.


isTwoWaySSLEnabled

public boolean isTwoWaySSLEnabled()
Specifies whether Two Way SSL is optional.

A configurable MBean attribute
Default Value: false

setTwoWaySSLEnabled

public void setTwoWaySSLEnabled(boolean enable)
Set whether or not the Two Way SSL is enabled.


Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs61

WebLogic classes and methods that do not appear in this reference are not public and are not supported.