SSL

 

---

Description

This MBean represents the configuration of the SSL protocol for version 6.x and version 7.0 WebLogic Server deployments.

 

---

Syntax

<SSL
  CertAuthenticator="String"
  CertificateCacheSize="number"
  Ciphersuites="list of Strings"
  ClientCertificateEnforced=( "true" | "false" )
  Enabled=( "true" | "false" )
  ExportKeyLifespan="number"
  HandlerEnabled=( "true" | "false" )
  HostnameVerificationIgnored=( "true" | "false" )
  HostnameVerifier="String"
  KeyEncrypted=( "true" | "false" )
  ListenPort="number"
  LoginTimeoutMillis="number of milliseconds"
  Name="String"
  Notes="String"
  ServerCertificateChainFileName="String"
  ServerCertificateFileName="String"
  ServerKeyFileName="String"
  ServerPrivateKeyAlias="String"
  ServerPrivateKeyPassPhrase="String"
  TrustedCAFileName="String"
  TwoWaySSLEnabled=( "true" | "false" )
  UseJava=( "true" | "false" )
/>

 

---

Parent Elements

• Server

 

---

Attributes

Table 61-1 SSL attributes

Attribute	Description	Range of Values and Default
CertAuthenticator	The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. The weblogic.security.acl.CertAuthenticator class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client.	Admin Console field label: Cert Authenticator Required: no Secure value: weblogic.security.acl.CertAuthenticator
CertificateCacheSize	The number of certificates held that have not been redeemed by tokens. This attribute is read-only.	Admin Console field label: Certificate Cache Size Required: no Default: 3 Minimum: 1 Maximum: 231-1
Ciphersuites	Specifies the cipher suites being used on a particular WebLogic Server. The possible values are: SSL_NULL_WITH_NULL_NULL SSL_RSA_WITH_NULL_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_WITH_RC4_128_MD5 SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA The default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.	Required: no
ClientCertificateEnforced	Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.	Admin Console field label: Client Certificate Enforced Required: no Default: false
Enabled	Indicates whether the SSL port in the SSLMBean is enabled. If this is disabled then the plain-text (non-SSL) listen for this server must be enabled. Additional ports can be configured using	Admin Console field label: Enable SSL Listen Port (Please configure SSL) Required: no Default: false
ExportKeyLifespan	Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.	Admin Console field label: Export Key Lifespan Required: no Default: 500 Minimum: 1 Maximum: 231-1
HandlerEnabled	Not used. Ignore.	Admin Console field label: Handler Enabled Required: no Default: true
HostnameVerificationIgnored	Indicates whether the installed implementation of the weblogic.security.SSL.HostnameVerifier class is enabled.	Admin Console field label: Hostname Verification Ignored Required: no Default: false
HostnameVerifier	The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.	Admin Console field label: Hostname Verifier Required: no Secure value: weblogic.security.SSL.HostnameVerifier
KeyEncrypted	Specifies whether or not the private key for the WebLogic Server has been encrypted with a password. If the attribute is set to true, the private key requires a password be supplied in order to use the key. If the attribute is set to false, the private key is unencrypted and may be used without providing a password. This attribute is read-only.	Admin Console field label: Key Encrypted Required: no Default: false Secure value: true
ListenPort	The TCP/IP port at which the WebLogic Server listens for SSL connection requests.	Admin Console field label: SSL Listen Port Required: no Default: 7002 Minimum: 1 Maximum: 65535
LoginTimeoutMillis	Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections. If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.	Admin Console field label: SSL Login Timeout Required: no Units: milliseconds Default: 25000 Minimum: 1 Maximum: 231-1
Name	The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.	Required: no
Notes	Optional information that you can include to describe this configuration.	Required: no
ServerCertificateChainFileName	Deprecated. The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server. The .PEM file extension indicates that method that should be used to read the file. Note that the digital certificate for WebLogic Server should not be stored in this file. If the chain contains more than two certificates, the entire chain should be included in this file in PEM format.	Admin Console field label: Server Certificate Chain File Name Required: no Default: server-certchain.pem
ServerCertificateFileName	The full directory location and name of the digital certificate for WebLogic Server. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file.	Admin Console field label: Server Certificate File Name Required: no Default: server-cert.der
ServerKeyFileName	Deprecated. The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file.	Admin Console field label: Server Key File Name Required: no Default: server-key.der
ServerPrivateKeyAlias	The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate and is usually stored by the server hostname.	Admin Console field label: Server Private Key Alias Required: no
ServerPrivateKeyPassPhrase	The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.	Admin Console field label: Server Private Key Passphrase Required: no Encrypted: yes
TrustedCAFileName	The name of the file containing the PEM-encoded trusted certificate authorities.	Admin Console field label: Trusted CA File Name Required: no Default: trusted-ca.pem
TwoWaySSLEnabled	Specifies that the server will request a certificate from the client. However, if the client does not present a certificate, the SSL connection will continue.	Admin Console field label: Client Certificate Requested But Not Enforced Required: no Default: false Secure value: "true"
UseJava	Enables the use of native Java libraries. WebLogic Server provides a pure-Java implementation of the SSL protocol. Native libraries enhance the performance for SSL operations on the Solaris, Windows NT, and IBM AIX platforms. This attribute is read-only.	Admin Console field label: Use Java Required: no Default: true