weblogic.management.configuration
Interface SSLMBean

public interface SSLMBean

extends ConfigurationMBean

This MBean represents the configuration of the SSL protocol for version 6.x and version 7.0 WebLogic Server deployments.

Field Summary

static long

CACHING_STUB_SVUID

Fields inherited from class weblogic.management.configuration.ConfigurationMBean

CACHING_STUB_SVUID

Method Summary

java.lang.String	getCertAuthenticator() The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class.
int	getCertificateCacheSize() The number of certificates held that have not been redeemed by tokens.
java.lang.String[]	getCiphersuites() Specifies the cipher suites being used on a particular WebLogic Server.
int	getExportKeyLifespan() Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key.
java.lang.String	getHostnameVerifier() The name of the class that implements the weblogic.security.SSL.HostnameVerifier class.
int	getListenPort() The TCP/IP port at which the WebLogic Server listens for SSL connection requests.
int	getLoginTimeoutMillis() Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out.
int	getPeerValidationEnforced() Deprecated. As of WLS 6.1, this is an unused attribute
java.lang.String	getServerCertificateChainFileName() Deprecated. Deprecated in WebLogic Server version 7.0.
java.lang.String	getServerCertificateFileName() The full directory location and name of the digital certificate for WebLogic Server.
java.lang.String	getServerKeyFileName() Deprecated. Deprecated in WebLogic Server version 7.0. It is replaced by the KeyStore provider.
java.lang.String	getServerPrivateKeyAlias() The string alias used to store and retrieve the server's private key in the keystore.
java.lang.String	getServerPrivateKeyPassPhrase() The passphrase used to retrieve the server's private key from the keystore.
java.lang.String	getTrustedCAFileName() The name of the file containing the PEM-encoded trusted certificate authorities.
boolean	isClientCertificateEnforced() Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
boolean	isEnabled() Indicates whether the SSL port in the SSLMBean is enabled.
boolean	isHandlerEnabled() Not used.
boolean	isHostnameVerificationIgnored() Indicates whether the installed implementation of the weblogic.security.SSL.HostnameVerifier class is enabled.
boolean	isKeyEncrypted() Specifies whether or not the private key for the WebLogic Server has been encrypted with a password.
boolean	isTwoWaySSLEnabled() Specifies that the server will request a certificate from the client.
boolean	isUseJava() Enables the use of native Java libraries.
void	setCertAuthenticator(java.lang.String classname)
void	setCertificateCacheSize(int size) Set the number of certificates held that have not been redeemed by tokens.
void	setCiphersuites(java.lang.String[] ciphers)
void	setClientCertificateEnforced(boolean enforce) Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
void	setEnabled(boolean enable) Enables the use the SSL port in the SSLMBean If this is disabled then the plain-text (non-SSL) listen for this server must be enabled.
void	setExportKeyLifespan(int lifespan) Set the lifespan of the SSL server encryption key.
void	setHandlerEnabled(boolean enable) Not used.
void	setHostnameVerificationIgnored(boolean ignoreFlag) Enables or disables the installed implementation of the weblogic.security.SSL.HostnameVerifier class when WebLogic Server is acting as a client to another application server.
void	setHostnameVerifier(java.lang.String classname)
void	setKeyEncrypted(boolean keyIsEncrypted)
void	setListenPort(int port) Set the TCP/IP port at which the WebLogic Server listens for SSL connection requests.
void	setLoginTimeoutMillis(int millis) Sets the number of milliseconds that WebLogic Server waits for an SSL connection before timing out.
void	setMDAcceleration(java.lang.String accel)
void	setPeerValidationEnforced(int checkLevel)
void	setRC4Acceleration(java.lang.String accel)
void	setRSAAcceleration(java.lang.String accel)
void	setServerCertificateChainFileName(java.lang.String fileName) The list of file names that contain server certificate authorities.
void	setServerCertificateFileName(java.lang.String fileName)
void	setServerKeyFileName(java.lang.String fileName) Set the file containing the SSL server encryption key.
void	setServerPrivateKeyAlias(java.lang.String alias)
void	setServerPrivateKeyPassPhrase(java.lang.String phrase)
void	setTrustedCAFileName(java.lang.String fileName) The name of the file that contains the digital certificate(s) for the certificate authority(s) trusted by WebLogic Server.
void	setTwoWaySSLEnabled(boolean enabled)
void	setUseJava(boolean usejava)

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

addLinkMbeanAttribute, getNotes, isPersistenceEnabled, setNotes

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getName, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setName, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Field Detail

CACHING_STUB_SVUID

public static final long CACHING_STUB_SVUID

Method Detail

isUseJava

public boolean isUseJava()

Enables the use of native Java libraries. WebLogic Server provides a pure-Java implementation of the SSL protocol. Native libraries enhance the performance for SSL operations on the Solaris, Windows NT, and IBM AIX platforms. This attribute is read-only.

A configurable MBean attribute

Default Value: true

setUseJava

public void setUseJava(boolean usejava)

setMDAcceleration

public void setMDAcceleration(java.lang.String accel)
                       throws javax.management.InvalidAttributeValueException

setRC4Acceleration

public void setRC4Acceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException

setRSAAcceleration

public void setRSAAcceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException

isEnabled

public boolean isEnabled()

Indicates whether the SSL port in the SSLMBean is enabled. If this is disabled then the plain-text (non-SSL) listen for this server must be enabled. Additional ports can be configured using

setEnabled

public void setEnabled(boolean enable)
                throws javax.management.InvalidAttributeValueException

Enables the use the SSL port in the SSLMBean If this is disabled then the plain-text (non-SSL) listen for this server must be enabled. Additional ports can be configured using

Default Value: false

Legal Value: !(value == false && weblogic.management.configuration.ServerLegalHelper.isListenPortEnabled(self) == false)

Secure Value: true

getCiphersuites

public java.lang.String[] getCiphersuites()

Specifies the cipher suites being used on a particular WebLogic Server.

The possible values are:

• SSL_NULL_WITH_NULL_NULL
• SSL_RSA_WITH_NULL_SHA
• SSL_RSA_EXPORT_WITH_RC4_40_MD5
• SSL_RSA_WITH_RC4_128_MD5
• SSL_RSA_WITH_RC4_128_SHA
• SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
• SSL_RSA_WITH_DES_CBC_SHA
• SSL_RSA_WITH_3DES_EDE_CBC_SHA
• SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
• SSL_DH_anon_WITH_RC4_128_MD5
• SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
• SSL_DH_anon_WITH_DES_CBC_SHA
• SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

The default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.

setCiphersuites

public void setCiphersuites(java.lang.String[] ciphers)
                     throws javax.management.InvalidAttributeValueException

getCertAuthenticator

public java.lang.String getCertAuthenticator()

The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. The weblogic.security.acl.CertAuthenticator class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client.

Default Value: null

Secure Value: weblogic.security.acl.CertAuthenticator

setCertAuthenticator

public void setCertAuthenticator(java.lang.String classname)
                          throws javax.management.InvalidAttributeValueException

getHostnameVerifier

public java.lang.String getHostnameVerifier()

The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.

Default Value: null

Secure Value: weblogic.security.SSL.HostnameVerifier

setHostnameVerifier

public void setHostnameVerifier(java.lang.String classname)
                         throws javax.management.InvalidAttributeValueException

isHostnameVerificationIgnored

public boolean isHostnameVerificationIgnored()

Indicates whether the installed implementation of the weblogic.security.SSL.HostnameVerifier class is enabled.

setHostnameVerificationIgnored

public void setHostnameVerificationIgnored(boolean ignoreFlag)
                                    throws javax.management.InvalidAttributeValueException

Enables or disables the installed implementation of the weblogic.security.SSL.HostnameVerifier class when WebLogic Server is acting as a client to another application server.

Default Value: false

Secure Value: false

getTrustedCAFileName

public java.lang.String getTrustedCAFileName()

The name of the file containing the PEM-encoded trusted certificate authorities.

A configurable MBean attribute

Default Value: "trusted-ca.pem"

setTrustedCAFileName

public void setTrustedCAFileName(java.lang.String fileName)
                          throws javax.management.InvalidAttributeValueException

The name of the file that contains the digital certificate(s) for the certificate authority(s) trusted by WebLogic Server. The file specified in this attribute can contain a single digital certificate or multiple digital certificates. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file.

getPeerValidationEnforced

public int getPeerValidationEnforced()

Deprecated. As of WLS 6.1, this is an unused attribute

A non-configurable MBean attribute.

Default Value: 0

setPeerValidationEnforced

public void setPeerValidationEnforced(int checkLevel)
                               throws javax.management.InvalidAttributeValueException

isKeyEncrypted

public boolean isKeyEncrypted()

Specifies whether or not the private key for the WebLogic Server has been encrypted with a password.

• If the attribute is set to true, the private key requires a password be supplied in order to use the key.
• If the attribute is set to false, the private key is unencrypted and may be used without providing a password.

This attribute is read-only.

A configurable MBean attribute

Default Value: false

Secure Value: true

setKeyEncrypted

public void setKeyEncrypted(boolean keyIsEncrypted)
                     throws javax.management.InvalidAttributeValueException

getExportKeyLifespan

public int getExportKeyLifespan()

Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

Default Value: 500

setExportKeyLifespan

public void setExportKeyLifespan(int lifespan)
                          throws javax.management.InvalidAttributeValueException

Set the lifespan of the SSL server encryption key.

Legal Minimum Value: 1

Legal Maximum Value: java.lang.Integer.MAX_VALUE

isClientCertificateEnforced

public boolean isClientCertificateEnforced()

Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

setClientCertificateEnforced

public void setClientCertificateEnforced(boolean enforce)

Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

A configurable MBean attribute

Default Value: false

Secure Value: true

getServerCertificateFileName

public java.lang.String getServerCertificateFileName()

The full directory location and name of the digital certificate for WebLogic Server. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file.

A configurable MBean attribute

Default Value: "server-cert.der"

setServerCertificateFileName

public void setServerCertificateFileName(java.lang.String fileName)

getListenPort

public int getListenPort()

The TCP/IP port at which the WebLogic Server listens for SSL connection requests.

A configurable MBean attribute

Default Value: 7002

See Also:

isEnabled(), ServerMBean.getListenPort(), ServerMBean.getAdministrationPort(), NetworkChannelMBean.getListenPort(), NetworkChannelMBean.getSSLListenPort()

setListenPort

public void setListenPort(int port)

Set the TCP/IP port at which the WebLogic Server listens for SSL connection requests.

Legal Minimum Value: 1

Legal Maximum Value: 65535

See Also:

isEnabled(), ServerMBean.getListenPort(), ServerMBean.getAdministrationPort(), NetworkChannelMBean.getListenPort(), NetworkChannelMBean.getSSLListenPort()

getServerCertificateChainFileName

public java.lang.String getServerCertificateChainFileName()

Deprecated. Deprecated in WebLogic Server version 7.0.

The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server. The .PEM file extension indicates that method that should be used to read the file. Note that the digital certificate for WebLogic Server should not be stored in this file. If the chain contains more than two certificates, the entire chain should be included in this file in PEM format.

A configurable MBean attribute

Default Value: "server-certchain.pem"

setServerCertificateChainFileName

public void setServerCertificateChainFileName(java.lang.String fileName)

The list of file names that contain server certificate authorities. This method returns an immutable list of filenames.

getCertificateCacheSize

public int getCertificateCacheSize()

The number of certificates held that have not been redeemed by tokens. This attribute is read-only.

Default Value: 3

Legal Minimum Value: 1

Legal Maximum Value: java.lang.Integer.MAX_VALUE

setCertificateCacheSize

public void setCertificateCacheSize(int size)

Set the number of certificates held that have not been redeemed by tokens. This attribute is read-only.

Default Value: 3

Legal Minimum Value: 1

Legal Maximum Value: java.lang.Integer.MAX_VALUE

isHandlerEnabled

public boolean isHandlerEnabled()

Not used. Ignore.

A configurable MBean attribute

Default Value: true

setHandlerEnabled

public void setHandlerEnabled(boolean enable)

Not used. Ignore.

getLoginTimeoutMillis

public int getLoginTimeoutMillis()

Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.

A dynamic MBean attribute

Default Value: 25000

See Also:

ServerMBean.getLoginTimeoutMillis(), NetworkChannelMBean.getLoginTimeoutMillisSSL()

setLoginTimeoutMillis

public void setLoginTimeoutMillis(int millis)

Sets the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.

Legal Minimum Value: 1

Legal Maximum Value: java.lang.Integer.MAX_VALUE

See Also:

ServerMBean.getLoginTimeoutMillis(), NetworkChannelMBean.getLoginTimeoutMillisSSL()

getServerKeyFileName

public java.lang.String getServerKeyFileName()

Deprecated. Deprecated in WebLogic Server version 7.0. It is replaced by the KeyStore provider.

The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file.

A configurable MBean attribute

Default Value: "server-key.der"

setServerKeyFileName

public void setServerKeyFileName(java.lang.String fileName)

Set the file containing the SSL server encryption key.

isTwoWaySSLEnabled

public boolean isTwoWaySSLEnabled()

Specifies that the server will request a certificate from the client. However, if the client does not present a certificate, the SSL connection will continue.

A configurable MBean attribute

Default Value: "false"

Secure Value: "true"

setTwoWaySSLEnabled

public void setTwoWaySSLEnabled(boolean enabled)

getServerPrivateKeyAlias

public java.lang.String getServerPrivateKeyAlias()

The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate and is usually stored by the server hostname.

A configurable MBean attribute

Default Value: null

setServerPrivateKeyAlias

public void setServerPrivateKeyAlias(java.lang.String alias)

getServerPrivateKeyPassPhrase

public java.lang.String getServerPrivateKeyPassPhrase()

The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

A configurable MBean attribute

Default Value: null

setServerPrivateKeyPassPhrase

public void setServerPrivateKeyPassPhrase(java.lang.String phrase)