Table 75-1 SSLMBean Element Attributes
Attribute
|
Description
|
Range of Values and Default
|
Console Label
|
Cert-Authenticator
|
The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. This class maps the digital certificate of a client to a WebLogic Server user. the weblogic.security.acl.CertAuthenticator class has an authenticate()method that WebLogic Server calls after validating the digital certificate presented by the client.
|
Default: null
|
Cert Authenticator
|
Certificate-Cache-Size
|
The number of certificates held that have not been redeemed by tokens.
|
Default: 3
Minimum: 1
Maximum: 2147483647
|
Certificate Cache Size
|
Ciphersuites
|
Specifies the cipher suites being used on a particular WebLogic Server.
The possible values are:
The default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.
|
|
Ciphersuites
|
Client-Certificate-Enforced
|
Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
|
Default: false
|
Client Certificate Enforced
|
Enabled
|
Enables the use the SSL port in the SSLMBean If this is disabled then the plain-text (non-SSL) listen for this server must be enabled. Additional ports can be configured using
|
Default: false
|
Enable SSL Listen Port (Please configure SSL)
|
Export-Key-Lifespan
|
Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
|
Default: 500
Minimum: 1
Maximum: 2147483647
|
Export Key Lifespan
|
Handler-Enabled
|
Not used. Ignore.
|
Default: true
|
Handler Enabled
|
Hostname-Verification-Ignored
|
Disables the installed implementation of the weblogic.security.SSL.HostnameVerifierclass when WebLogic Server is acting as a client to another application server.
|
Default: false
|
Hostname Verification Ignored
|
Hostname-Verifier
|
The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. This class verifies that the host name in the URL received from an SSL client matches the common name in the server certificate's distinguished name. This class prevents man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify()method that WebLogic Server calls on the client during the SSL handshake.
|
Default: null
|
Hostname Verifier
|
Key-Encrypted
|
Specifies whether or not the private key for the WebLogic Server has been encrypted with a password.
|
Default: false
|
Key Encrypted
|
Listen-Port
|
The TCP/IP port at which the WebLogic Server listens for SSL connection requests.
|
Default: 7002
Minimum: 1
Maximum: 65535
|
SSL Listen Port
|
Login-Timeout-Millis
|
The number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections. If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.
|
Default: 25000
Minimum: 1
Maximum: 2147483647
Units: milliseconds
|
SSL Login Timeout
|
Name
|
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.
|
|
Name
|
Notes
|
Optional information that you can include to describe this configuration.
|
|
Notes
|
Peer-Validation-Enforced
|
|
Default: 0
|
Peer Validation Enforced
|
Server-Certificate-Chain-File-Name
|
The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server. The .PEMfile extension indicates that method that should be used to read the file. Note that the digital certificate for WebLogic Server should not be stored in this file.
|
Default: "server-certchain.pem"
|
Server Certificate Chain File Name
|
Server-Certificate-File-Name
|
The full directory location and name of the digital certificate for WebLogic Server. The file extension ( .DER or .PEM) tells WebLogic Server how to read the contents of the file.
|
Default: "server-cert.der"
|
Server Certificate File Name
|
Server-Key-File-Name
|
The full directory location and name of the private key for WebLogic Server. The file extension (.PEM) indicates the method that should be used to read the file.
|
Default: "server-key.der"
|
Server Key File Name
|
Server-Private-Key-Alias
|
The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate and is usually stored by the server hostname.
|
Default: null
|
Server Private Key Alias
|
Server-Private-Key-Pass-Phrase
|
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
|
Default: null
|
Server Private Key Passphrase
|
Trusted-CAFile-Name
|
The name of the file containing the PEM-encoded trusted certificate authorities.
|
Default: "trusted-ca.pem"
|
Trusted CA File Name
|
Two-Way-SSLEnabled
|
Is two way SSL enabled?
|
Default: "false"
|
Client Certificate Requested But Not Enforced
|
Use-Java
|
Enables the use of native Java libraries. WebLogic Server provides a pure-Java implementation of the SSL protocol. Native libraries enhance the performance for SSL operations on the Solaris, Windows NT, and IBM AIX platforms.
|
Default: true
|
Use Java
|