This MBean represents the configuration of the SSL protocol.
Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name: weblogic.management.configuration.SSLMBean |
Factory Methods | No factory methods. Instances of this MBean are created automatically. |
Access Points |
You can access this MBean from the following MBean attributes:
|
This section describes the following attributes:
Tests whether AllowUnEncryptedNullCipher is enabled. See setAllowUnencryptedNullCipher(boolean enable) for the NullCipher feature.
Available Since | Release 10.3.0.0 |
Privileges | Read/Write |
Type | boolean |
Private property that disables caching in proxies.
Privileges | Read only |
Type | boolean |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class, which is deprecated in this release of WebLogic Server. This field is for Compatibility security only, and is only used when the Realm Adapter Authentication provider is configured.
The weblogic.security.acl.CertAuthenticator class maps the digital certificate of a client to a WebLogic Server user. The class has an authenticate() method that WebLogic Server calls after validating the digital certificate presented by the client.
Privileges | Read/Write |
Type | java.lang.String |
Secure value | weblogic.security.acl.CertAuthenticator |
Indicates the cipher suites being used on a particular WebLogic Server.
The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSSE depends on the specific JDK version with which WebLogic Server is configured.
For a list of possible values, see Cipher Suites.
Privileges | Read/Write |
Type | class java.lang.String[] |
Determines the alias of the client SSL certificate to be used as identity for outbound SSL connections. The certificate is assumed to be stored in the server configured keystore. Note that to use the client SSL certificate, setUseClientCertForOutbound must be enabled.
For more information, see:
Privileges | Read/Write |
Type | java.lang.String |
Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
Privileges | Read/Write |
Type | boolean |
Secure value | true |
The passphrase used to retrieve the private key for the client SSL certificate specified in ClientCertAlias from the server configured keystore. This passphrase is assigned to the private key when the private key is generated. Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
Note that when you get the value of this attribute, WebLogic Server does the following:
Retrieves the value of the ClientCertPrivateKeyPassPhraseEncrypted attribute.
Decrypts the value and returns the unencrypted passphrase.
For more information, see:
Privileges | Read/Write |
Type | java.lang.String |
Encrypted | true |
The encrypted passphrase used to retrieve the private key for the client SSL certificate specified in ClientCertAlias from the server configured keystore. This passphrase is assigned to the private key when the private key is generated.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute, and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values. Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
For more information, see:
Privileges | Read/Write |
Type | byte[] |
Encrypted | true |
Returns whether the MBean was created dynamically or is persisted to config.xml.
Privileges | Read only |
Type | boolean |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Indicates whether the server can be reached through the default SSL listen port.
If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.
Privileges | Read/Write |
Type | boolean |
Secure value | true |
Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
Privileges | Read/Write |
Type | int |
Default Value | 500 |
Minimum value | 1 |
Maximum value | 2147483647 |
Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
Privileges | Read/Write |
Type | boolean |
The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.
Privileges | Read/Write |
Type | java.lang.String |
Secure value | weblogic.security.SSL.HostnameVerifier |
Returns the unique id of this MBean instance.
Privileges | Read only |
Type | long |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).
If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).
If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.
Domains created in WebLogic Server version 8.1 or later default to KEYSTORES. Domains created before WebLogic Server version 8.1 default to FILES_OR_KEYSTORE_PROVIDERS.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | KeyStores |
Legal Values |
|
Indicates the client certificate validation rules for inbound SSL.
This attribute only applies to ports and network channels using 2-way SSL.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | java.lang.String |
Default Value | BuiltinSSLValidationOnly |
Legal Values |
|
Determines whether the SSL implementation in WebLogic Server is JSSE based.
Privileges | Read/Write |
Type | boolean |
Default Value | true |
The TCP/IP port at which this server listens for SSL connection requests.
For more information, see:
Privileges | Read/Write |
Type | int |
Default Value | 7002 |
Minimum value | 1 |
Maximum value | 65535 |
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.
If clients are connecting over the Internet, raise the default number to accommodate additional network latency.
For more information, see:
Privileges | Read/Write |
Type | int |
Default Value | 25000 |
Minimum value | 1 |
Maximum value | 2147483647 |
Returns the MBean info for this MBean.
Deprecated.
Privileges | Read only |
Type | javax.management.MBeanInfo |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The user-specified name of this MBean instance.
This name is included as one of the key properties in the MBean's javax.management.ObjectName:
Name=user-specified-name
Privileges | Read/Write |
Type | java.lang.String |
Optional information that you can include to describe this configuration.
WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the XML entity &lt;. Carriage returns/line feeds are preserved.
If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.
Privileges | Read/Write |
Type | java.lang.String |
Returns the ObjectName under which this MBean is registered in the MBean server.
Deprecated.
Privileges | Read only |
Type | weblogic.management.WebLogicObjectName |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Indicates the server certificate validation rules for outbound SSL.
This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | java.lang.String |
Default Value | BuiltinSSLValidationOnly |
Legal Values |
|
The string alias used to store and retrieve the outbound private key in the keystore. This private key is associated with either a server or a client digital certificate. This attribute value is derived from other settings and cannot be physically set.
The returned value is determined as follows:
If isUseClientCertForOutbound returns true, the value from ClientCertAlias is returned.
Otherwise, the value from ServerPrivateKeyAlias is returned.
For more information, see:
Privileges | Read only |
Type | java.lang.String |
The passphrase used to retrieve the outbound private key from the keystore. This passphrase is assigned to the private key when it is generated. This attribute value is derived from other settings and cannot be physically set.
The returned value is determined as follows:
If isUseClientCertForOutbound returns true, the value from ClientCertPrivateKeyPassPhrase is returned.
Otherwise, the value from ServerPrivateKeyPassPhrase is returned.
For more information, see:
Privileges | Read only |
Type | java.lang.String |
Returns the immediate parent for this MBean.
Privileges | Read/Write |
Type |
Deprecated.
Privileges | Read/Write |
Type | int |
Default Value | 0 |
Returns false if the MBean represented by this object has been unregistered.
Deprecated.
Privileges | Read only |
Type | boolean |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server.
The .pem file extension indicates the method that should be used to read the file. Note that as of WebLogic Server version 7.0, the digital certificate for WebLogic Server should not be stored in a file.
Deprecated.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | server-certchain.pem |
The full directory location of the digital certificate file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that stored digital certificates in files.
The file extension (.der or .pem) tells WebLogic Server how to read the contents of the file.
Deprecated.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | server-cert.der |
The full directory location of the private key file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store private keys in files. For a more secure deployment, Oracle recommends saving private keys in keystores.
The file extension (.der or .pem) indicates the method that should be used to read the file.
Deprecated.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | server-key.der |
The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.
Privileges | Read/Write |
Type | java.lang.String |
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
Privileges | Read/Write |
Type | java.lang.String |
Encrypted | true |
The encrypted passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
Privileges | Read/Write |
Type | byte[] |
Encrypted | true |
Indicates whether warning messages are logged in the server log when SSL connections are rejected.
Available Since | Release 8.1.0.0 |
Privileges | Read/Write |
Type | boolean |
Default Value | true |
The full directory location of the file that specifies the certificate authorities trusted by the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store trusted certificate authorities in files.
The file specified in this attribute can contain a single digital certificate or multiple digital certificates. The file extension (.der or .pem) tells WebLogic Server how to read the contents of the file.
Deprecated.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | trusted-ca.pem |
The form of SSL that should be used.
By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.
Privileges | Read/Write |
Type | boolean |
Secure value | true |
Returns the type of the MBean.
Privileges | Read only |
Type | java.lang.String |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Determines whether to use the configured client SSL certificate as identity for outbound SSL connections. Note that to use a client SSL certificate, one must be specified in setClientCertAlias.
For more information, see:
Privileges | Read/Write |
Type | boolean |
Sets whether the client should use the server certificates/key as the client identity when initiating an outbound connection over https.
Privileges | Read/Write |
Type | boolean |
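The secure values, numeric limits and cross-attribute requirements listed for the attributes above can be checked mechanically. The following is an added example, not Oracle code: it audits a snapshot of SSLMBean attribute values held in a constructed dict (standing in for values read over WLST or JMX). The attribute key names are assumptions, since this page does not show the attribute headings.

```python
# Added example: audit a snapshot of SSLMBean attribute values (for instance
# collected over WLST or JMX) against the secure values this page lists.
# Attribute keys are assumed names; the sample snapshot is constructed.
SECURE_BOOLEANS = {                        # "Secure value | true" rows
    "Enabled": True,
    "ClientCertificateEnforced": True,
    "TwoWaySSLEnabled": True,
    # No "Secure value" row, but the risky setting follows from the text:
    "HostnameVerificationIgnored": False,  # verifier prevents man-in-the-middle
    "AllowUnencryptedNullCipher": False,   # null cipher means no encryption
}
RANGES = {                                 # minimum/maximum rows on the page
    "ListenPort": (1, 65535),
    "ExportKeyLifespan": (1, 2147483647),
    "LoginTimeoutMillis": (1, 2147483647),
}


def outbound_alias(attrs):
    """Derived outbound key alias, following the rule the page states."""
    if attrs.get("UseClientCertForOutbound"):
        return attrs.get("ClientCertAlias")
    return attrs.get("ServerPrivateKeyAlias")


def audit_ssl(attrs):
    """Return a sorted list of (attribute, problem) findings."""
    findings = []
    for name, wanted in SECURE_BOOLEANS.items():
        if name in attrs and bool(attrs[name]) != wanted:
            findings.append((name, "expected %s" % wanted))
    for name, (low, high) in RANGES.items():
        if name in attrs and not low <= attrs[name] <= high:
            findings.append((name, "outside %d..%d" % (low, high)))
    location = str(attrs.get("IdentityAndTrustLocations", "KeyStores"))
    if location.lower() != "keystores":
        findings.append(("IdentityAndTrustLocations", "deprecated files/providers"))
    if attrs.get("UseClientCertForOutbound") and not attrs.get("ClientCertAlias"):
        findings.append(("ClientCertAlias", "required by UseClientCertForOutbound"))
    return sorted(findings)


SAMPLE = {  # constructed snapshot, not taken from a real server
    "Enabled": True, "ListenPort": 7002, "TwoWaySSLEnabled": False,
    "ClientCertificateEnforced": False, "HostnameVerificationIgnored": True,
    "IdentityAndTrustLocations": "FILES_OR_KEYSTORE_PROVIDERS",
    "UseClientCertForOutbound": True, "ClientCertAlias": "",
    "ServerPrivateKeyAlias": "server-key", "ExportKeyLifespan": 500,
}

if __name__ == "__main__":
    for attribute, problem in audit_ssl(SAMPLE):
        print("%-30s %s" % (attribute, problem))
```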
This section describes the following operations:
If the specified attribute has not been set explicitly, and if the attribute has a default value, this operation forces the MBean to persist the default value.
Unless you use this operation, the default value is not saved and is subject to change if you update to a newer release of WebLogic Server. Invoking this operation isolates this MBean from the effects of such changes.
To ensure that you are freezing the default value, invoke the restoreDefaultValue operation before you invoke this.
This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute for which some other value has been set.
Deprecated.
Operation Name | "freezeCurrentValue" |
Parameters | Object [] { attributeName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | void |
Exceptions |
|
Returns the names of all properties whose value is inherited from the template MBean. This is a convenience method for getting inheritance information on multiple properties in one JMX call.
Operation Name | "getInheritedProperties" |
Parameters | Object [] { propertyNames }
where:
|
Signature | String [] { "[Ljava.lang.String;" } |
Returns |
class |
Checks whether the value of a property is inherited from the template MBean.
Operation Name | "isInherited" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | boolean |
Returns true if the specified attribute has been set explicitly in this MBean instance.
Operation Name | "isSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | boolean |
If the specified attribute has a default value, this operation removes any value that has been set explicitly and causes the attribute to use the default value.
Default values are subject to change if you update to a newer release of WebLogic Server. To prevent the value from changing if you update to a newer release, invoke the freezeCurrentValue operation.
This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute that is already using the default.
Deprecated.
Operation Name | "restoreDefaultValue" |
Parameters | Object [] { attributeName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | void |
Exceptions |
|
Restore the given property to its default value.
Operation Name | "unSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] { "java.lang.String" } |
Returns | void |