weblogic.management.configuration
Interface CertRevocCaMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, DynamicMBean, MBeanRegistration, NotificationBroadcaster, SettableBean, WebLogicMBean

public interface CertRevocCaMBean
extends ConfigurationMBean

This MBean represents the configuration of certificate revocation checking for a specific certificate authority. Default values for attributes in this MBean are derived from CertRevocMBean.

See Also:

CertRevocMBean

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

long	getCrlDpDownloadTimeout() For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds.
String	getCrlDpUrl() For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
String	getCrlDpUrlUsage() For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
String	getDistinguishedName() Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
String	getMethodOrder() For this CA, determines the certificate revocation checking method order.
String	getOcspResponderCertIssuerName() For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
String	getOcspResponderCertSerialNumber() For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
String	getOcspResponderCertSubjectName() For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".
String	getOcspResponderExplicitTrustMethod() For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
String	getOcspResponderUrl() For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA.
String	getOcspResponderUrlUsage() For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
long	getOcspResponseTimeout() For this CA, determines the timeout for the OCSP response, expressed in seconds.
int	getOcspTimeTolerance() For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
boolean	isCheckingDisabled() For this CA, determines whether certificate revocation checking is disabled.
boolean	isCrlDpBackgroundDownloadEnabled() For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
boolean	isCrlDpEnabled() For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.
boolean	isFailOnUnknownRevocStatus() For this CA, determines whether certificate path checking should fail, if revocation status could not be determined.
boolean	isOcspNonceEnabled() For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
boolean	isOcspResponseCacheEnabled() For this CA, determines whether the OCSP response local cache is enabled.
void	setCheckingDisabled(boolean checkingDisabled) For this CA, specifies whether certificate revocation checking is disabled.
void	setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled) For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
void	setCrlDpDownloadTimeout(long crlDpDownloadTimeout) For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.
void	setCrlDpEnabled(boolean crlDpEnabled) For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.
void	setCrlDpUrl(String crlDpUrl) For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
void	setCrlDpUrlUsage(String crlDpUrlUsage) For this CA, specifies how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
void	setDistinguishedName(String distinguishedName) Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
void	setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus) For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined.
void	setMethodOrder(String methodOrder) For this CA, specifies the certificate revocation checking method order.
void	setOcspNonceEnabled(boolean ocspNonceEnabled) For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
void	setOcspResponderCertIssuerName(String ocspResponderCertIssuerName) For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
void	setOcspResponderCertSerialNumber(String ocspResponderCertSerialNumber) For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
void	setOcspResponderCertSubjectName(String ocspResponderCertSubjectName) For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".
void	setOcspResponderExplicitTrustMethod(String ocspResponderExplicitTrustMethod) For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
void	setOcspResponderUrl(String ocspResponderUrl) For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA.
void	setOcspResponderUrlUsage(String ocspResponderUrlUsage) For this CA, specifies how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
void	setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled) For this CA, specifies whether the OCSP response local cache is enabled.
void	setOcspResponseTimeout(long ocspResponseTimeout) For this CA, specifies the timeout for the OCSP response, expressed in seconds.
void	setOcspTimeTolerance(int ocspTimeTolerance) For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Method Detail

getDistinguishedName

String getDistinguishedName()

Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.

For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"

This will be used to match this configuration to issued certificates requiring revocation checking.

Returns:

A distinguishedName value

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_DISTINGUISHED_NAME

setDistinguishedName

void setDistinguishedName(String distinguishedName)

Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.

For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"

This will be used to match this configuration to issued certificates requiring revocation checking.

Parameters:

distinguishedName - A distinguishedName value

See Also:

CertRevocCaMBean.getDistinguishedName()

isCheckingDisabled

boolean isCheckingDisabled()

For this CA, determines whether certificate revocation checking is disabled.

Returns:

The checkingDisabled value

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_CHECKING_DISABLED

setCheckingDisabled

void setCheckingDisabled(boolean checkingDisabled)

For this CA, specifies whether certificate revocation checking is disabled.

Parameters:

checkingDisabled - The checkingDisabled value

See Also:

CertRevocCaMBean.isCheckingDisabled()

isFailOnUnknownRevocStatus

boolean isFailOnUnknownRevocStatus()

For this CA, determines whether certificate path checking should fail, if revocation status could not be determined.

Returns:

The failOnUnknownRevocStatus value

Changes take effect after you redeploy the module or restart the server.

setFailOnUnknownRevocStatus

void setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)

For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined.

Parameters:

failOnUnknownRevocStatus - The failOnUnknownRevocStatus value

See Also:

CertRevocCaMBean.isFailOnUnknownRevocStatus()

getMethodOrder

String getMethodOrder()

For this CA, determines the certificate revocation checking method order.

NOTE THAT omission of a specific method disables that method.

Returns:

A String containing the method order.

Changes take effect after you redeploy the module or restart the server.

Valid Values:

CertRevocMBean.METHOD_OCSP, CertRevocMBean.METHOD_CRL, CertRevocMBean.METHOD_OCSP_THEN_CRL, CertRevocMBean.METHOD_CRL_THEN_OCSP

setMethodOrder

void setMethodOrder(String methodOrder)

For this CA, specifies the certificate revocation checking method order.

NOTE THAT omission of a specific method disables that method.

Parameters:

methodOrder - A String containing the method order.

See Also:

CertRevocCaMBean.getMethodOrder()

getOcspResponderUrl

String getOcspResponderUrl()

For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage.

Returns:

The ocspResponderUrl value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderUrlUsage()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_URL

setOcspResponderUrl

void setOcspResponderUrl(String ocspResponderUrl)

For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage.

Parameters:

ocspResponderUrl - The ocspResponderUrl value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderUrl(), CertRevocCaMBean.getOcspResponderUrlUsage()

getOcspResponderUrlUsage

String getOcspResponderUrlUsage()

For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.

Returns:

The ocspResponderUrlUsage value

See Also:

CertRevocCaMBean.getOcspResponderUrl()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_URL_USAGE

Valid Values:

CertRevocCaMBean.USAGE_FAILOVER, CertRevocCaMBean.USAGE_OVERRIDE

setOcspResponderUrlUsage

void setOcspResponderUrlUsage(String ocspResponderUrlUsage)

For this CA, specifies how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.

Parameters:

ocspResponderUrlUsage - The ocspResponderUrlUsage value

See Also:

CertRevocCaMBean.getOcspResponderUrl(), CertRevocCaMBean.getOcspResponderUrlUsage()

getOcspResponderExplicitTrustMethod

String getOcspResponderExplicitTrustMethod()

For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.

The valid values:

"NONE"

Explicit Trust is disabled

"USE_SUBJECT"

Identify the trusted certificate using the subject DN specified in the attribute CertRevocCaMBean.getOcspResponderCertSubjectName().

"USE_ISSUER_SERIAL_NUMBER"

Identify the trusted certificate using the issuer DN and certificate serial number specified in the attributes CertRevocCaMBean.getOcspResponderCertIssuerName() and CertRevocCaMBean.getOcspResponderCertSerialNumber(), respectively.

Returns:

The ocspResponderExplicitTrustMethod value

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_EXPLICIT_TRUST_METHOD

Valid Values:

CertRevocCaMBean.OCSP_EXPLICIT_TRUST_METHOD_NONE, CertRevocCaMBean.OCSP_EXPLICIT_TRUST_METHOD_USE_SUBJECT, CertRevocCaMBean.OCSP_EXPLICIT_TRUST_METHOD_USE_ISSUER_SERIAL_NUMBER

setOcspResponderExplicitTrustMethod

void setOcspResponderExplicitTrustMethod(String ocspResponderExplicitTrustMethod)

For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.

The valid values:

"NONE"

Explicit Trust is disabled

"USE_SUBJECT"

Identify the trusted certificate using the subject DN specified in the attribute CertRevocCaMBean.getOcspResponderCertSubjectName().

"USE_ISSUER_SERIAL_NUMBER"

Identify the trusted certificate using the issuer DN and certificate serial number specified in the attributes CertRevocCaMBean.getOcspResponderCertIssuerName() and CertRevocCaMBean.getOcspResponderCertSerialNumber(), respectively.

Parameters:

ocspResponderExplicitTrustMethod - The ocspResponderExplicitTrustMethod value

See Also:

CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

getOcspResponderCertSubjectName

String getOcspResponderCertSubjectName()

For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".

The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the CertRevocCaMBean.getOcspResponderCertIssuerName() and CertRevocCaMBean.getOcspResponderCertSerialNumber() may be used instead.

Returns:

The ocspResponderCertSubjectName value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_CERT_SUBJECT_NAME

setOcspResponderCertSubjectName

void setOcspResponderCertSubjectName(String ocspResponderCertSubjectName)

For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".

The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the CertRevocCaMBean.getOcspResponderCertIssuerName() and CertRevocCaMBean.getOcspResponderCertSerialNumber() may be used instead.

Parameters:

ocspResponderCertSubjectName - The ocspResponderCertSubjectName value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderCertSubjectName(), CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

getOcspResponderCertIssuerName

String getOcspResponderCertIssuerName()

For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

When CertRevocCaMBean.getOcspResponderCertIssuerName() returns a non-null value then the CertRevocCaMBean.getOcspResponderCertSerialNumber() must also be set.

Returns:

The ocspResponderCertIssuerName value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_CERT_ISSUER_NAME

setOcspResponderCertIssuerName

void setOcspResponderCertIssuerName(String ocspResponderCertIssuerName)

For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

When CertRevocCaMBean.getOcspResponderCertIssuerName() returns a non-null value then the CertRevocCaMBean.getOcspResponderCertSerialNumber() must also be set.

Parameters:

ocspResponderCertIssuerName - The ocspResponderCertIssuerName value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderCertIssuerName(), CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

getOcspResponderCertSerialNumber

String getOcspResponderCertSerialNumber()

For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The serial number is formatted as a hexidecimal string, with optional colon or space separators, for example "2A:FF:00".

When CertRevocCaMBean.getOcspResponderCertSerialNumber() returns a non-null value then the CertRevocCaMBean.getOcspResponderCertIssuerName() must also be set.

Returns:

The ocspResponderCertSerialNumber value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_OCSP_RESPONDER_CERT_SERIAL_NUMBER

setOcspResponderCertSerialNumber

void setOcspResponderCertSerialNumber(String ocspResponderCertSerialNumber)

For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The serial number is formatted as a hexidecimal string, with optional colon or space separators, for example "2A:FF:00".

When CertRevocCaMBean.getOcspResponderCertSerialNumber() returns a non-null value then the CertRevocCaMBean.getOcspResponderCertIssuerName() must also be set.

Parameters:

ocspResponderCertSerialNumber - The ocspResponderCertSerialNumber value, null if none.

See Also:

CertRevocCaMBean.getOcspResponderCertSerialNumber(), CertRevocCaMBean.getOcspResponderExplicitTrustMethod()

isOcspNonceEnabled

boolean isOcspNonceEnabled()

For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Returns:

The ocspNonceEnabled value

Changes take effect after you redeploy the module or restart the server.

setOcspNonceEnabled

void setOcspNonceEnabled(boolean ocspNonceEnabled)

For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Parameters:

ocspNonceEnabled - The ocspNonceEnabled value

See Also:

CertRevocCaMBean.isOcspNonceEnabled()

isOcspResponseCacheEnabled

boolean isOcspResponseCacheEnabled()

For this CA, determines whether the OCSP response local cache is enabled.

Returns:

The ocspResponseCacheEnabled value

Changes take effect after you redeploy the module or restart the server.

setOcspResponseCacheEnabled

void setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)

For this CA, specifies whether the OCSP response local cache is enabled.

Parameters:

ocspResponseCacheEnabled - The ocspResponseCacheEnabled value

See Also:

CertRevocCaMBean.isOcspResponseCacheEnabled()

getOcspResponseTimeout

long getOcspResponseTimeout()

For this CA, determines the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The ocspResponseTimeout in seconds.

Changes take effect after you redeploy the module or restart the server.

Maximum Value:

CertRevocMBean.MAX_OCSP_RESPONSE_TIMEOUT

Minimum Value:

CertRevocMBean.MIN_OCSP_RESPONSE_TIMEOUT

setOcspResponseTimeout

void setOcspResponseTimeout(long ocspResponseTimeout)

For this CA, specifies the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

ocspResponseTimeout - The ocspResponseTimeout in seconds.

See Also:

CertRevocCaMBean.getOcspResponseTimeout()

getOcspTimeTolerance

int getOcspTimeTolerance()

For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Returns:

The ocspTimeTolerance value in seconds.

Changes take effect after you redeploy the module or restart the server.

Maximum Value:

CertRevocMBean.MAX_OCSP_TIME_TOLERANCE

Minimum Value:

CertRevocMBean.MIN_OCSP_TIME_TOLERANCE

setOcspTimeTolerance

void setOcspTimeTolerance(int ocspTimeTolerance)

For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Parameters:

ocspTimeTolerance - The ocspTimeTolerance value in seconds.

See Also:

CertRevocCaMBean.getOcspTimeTolerance()

isCrlDpEnabled

boolean isCrlDpEnabled()

For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Returns:

The crlDpEnabled value

Changes take effect after you redeploy the module or restart the server.

setCrlDpEnabled

void setCrlDpEnabled(boolean crlDpEnabled)

For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Parameters:

crlDpEnabled - The crlDpEnabled value

See Also:

CertRevocCaMBean.isCrlDpEnabled()

getCrlDpDownloadTimeout

long getCrlDpDownloadTimeout()

For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The crlDpDownloadTimeout value in seconds.

Changes take effect after you redeploy the module or restart the server.

Maximum Value:

CertRevocMBean.MAX_CRL_DP_DOWNLOAD_TIMEOUT

Minimum Value:

CertRevocMBean.MIN_CRL_DP_DOWNLOAD_TIMEOUT

setCrlDpDownloadTimeout

void setCrlDpDownloadTimeout(long crlDpDownloadTimeout)

For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

crlDpDownloadTimeout - The crlDpDownloadTimeout value in seconds.

See Also:

CertRevocCaMBean.getCrlDpDownloadTimeout()

isCrlDpBackgroundDownloadEnabled

boolean isCrlDpBackgroundDownloadEnabled()

For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Returns:

The crlDpBackgroundDownloadEnabled value

Changes take effect after you redeploy the module or restart the server.

setCrlDpBackgroundDownloadEnabled

void setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)

For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Parameters:

crlDpBackgroundDownloadEnabled - The crlDpBackgroundDownloadEnabled value

See Also:

CertRevocCaMBean.isCrlDpBackgroundDownloadEnabled()

getCrlDpUrl

String getCrlDpUrl()

For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.

Returns:

The CRL Distribution Point URL to use for failover or override, null if none.

See Also:

CertRevocCaMBean.getCrlDpUrlUsage()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_CRL_DP_URL

setCrlDpUrl

void setCrlDpUrl(String crlDpUrl)

For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.

Parameters:

crlDpUrl - The CRL Distribution Point URL to use for failover or override, null if none.

See Also:

CertRevocCaMBean.getCrlDpUrlUsage(), CertRevocCaMBean.getCrlDpUrl()

getCrlDpUrlUsage

String getCrlDpUrlUsage()

For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.

Returns:

The crlDpUrlUsage value

See Also:

CertRevocCaMBean.getCrlDpUrl()

Changes take effect after you redeploy the module or restart the server.

Default Value:

CertRevocCaMBean.DEFAULT_CRL_DP_URL_USAGE

Valid Values:

CertRevocCaMBean.USAGE_FAILOVER, CertRevocCaMBean.USAGE_OVERRIDE

setCrlDpUrlUsage

void setCrlDpUrlUsage(String crlDpUrlUsage)

For this CA, specifies how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.

Parameters:

crlDpUrlUsage - The crlDpUrlUsage value

See Also:

CertRevocCaMBean.getCrlDpUrlUsage(), CertRevocCaMBean.getCrlDpUrl()