CertRevocCaMBean

Overview

This MBean represents the configuration of certificate revocation checking for a specific certificate authority. Default values for attributes in this MBean are derived from CertRevocMBean.

Attributes

This section describes the following attributes:

CachingDisabled

Private property that disables caching in proxies.

This attribute is not dynamic and requires a server restart to take effect.

CheckingDisabled

For this CA, determines whether certificate revocation checking is disabled.

CrlDpBackgroundDownloadEnabled

For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

CrlDpDownloadTimeout

For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

CrlDpEnabled

For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.

CrlDpUrl

For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.

For more information, see:

• getCrlDpUrlUsage

CrlDpUrlUsage

For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.

For more information, see:

• getCrlDpUrl

DistinguishedName

Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.

For example:

"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"

This will be used to match this configuration to issued certificates requiring revocation checking.

DynamicallyCreated

Return whether the MBean was created dynamically or is persisted to config.xml

This attribute is not dynamic and requires a server restart to take effect.

FailOnUnknownRevocStatus

For this CA, determines whether certificate path checking should fail, if revocation status could not be determined.

Id

Return the unique id of this MBean instance

This attribute is not dynamic and requires a server restart to take effect.

MBeanInfo

Returns the MBean info for this MBean.

This attribute is not dynamic and requires a server restart to take effect.

Deprecated.

MethodOrder

For this CA, determines the certificate revocation checking method order.

NOTE THAT omission of a specific method disables that method.

Name

The user-specified name of this MBean instance.

This name is included as one of the key properties in the MBean's javax.management.ObjectName:

Name=user-specified-name

This attribute is not dynamic and requires a server restart to take effect.

Notes

Optional information that you can include to describe this configuration.

WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the XML entity <. Carriage returns/line feeds are preserved.

Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.

This attribute is not dynamic and requires a server restart to take effect.

ObjectName

Returns the ObjectName under which this MBean is registered in the MBean server.

This attribute is not dynamic and requires a server restart to take effect.

Deprecated.

OcspNonceEnabled

For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

OcspResponderCertIssuerName

For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

When OcspResponderCertIssuerName returns a non-null value then the OcspResponderCertSerialNumber must also be set.

For more information, see:

• getOcspResponderExplicitTrustMethod

OcspResponderCertSerialNumber

For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".

The serial number is formatted as a hexidecimal string, with optional colon or space separators, for example "2A:FF:00".

When OcspResponderCertSerialNumber returns a non-null value then the OcspResponderCertIssuerName must also be set.

For more information, see:

• getOcspResponderExplicitTrustMethod

OcspResponderCertSubjectName

For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".

The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".

In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the OcspResponderCertIssuerName and OcspResponderCertSerialNumber may be used instead.

For more information, see:

• getOcspResponderExplicitTrustMethod

OcspResponderExplicitTrustMethod

For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.

The valid values:

"NONE"

Explicit Trust is disabled

"USE_SUBJECT"

Identify the trusted certificate using the subject DN specified in the attribute OcspResponderCertSubjectName.

"USE_ISSUER_SERIAL_NUMBER"

Identify the trusted certificate using the issuer DN and certificate serial number specified in the attributes OcspResponderCertIssuerName and OcspResponderCertSerialNumber, respectively.

OcspResponderUrl

For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage.

For more information, see:

• getOcspResponderUrlUsage

OcspResponderUrlUsage

For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.

For more information, see:

• getOcspResponderUrl

OcspResponseCacheEnabled

For this CA, determines whether the OCSP response local cache is enabled.

OcspResponseTimeout

For this CA, determines the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

OcspTimeTolerance

For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Parent

Return the immediate parent for this MBean

This attribute is not dynamic and requires a server restart to take effect.

Registered

Returns false if the MBean represented by this object has been unregistered.

This attribute is not dynamic and requires a server restart to take effect.

Deprecated.

Tags

Return all tags on this Configuration MBean

This attribute is dynamic and takes effect immediately.

Type

Returns the type of the MBean.

This attribute is not dynamic and requires a server restart to take effect.

Operations

This section describes the following operations:

addTag

Add a tag to this Configuration MBean. Adds a tag to the current set of tags on the Configuration MBean. Tags may contain white spaces.

freezeCurrentValue

If the specified attribute has not been set explicitly, and if the attribute has a default value, this operation forces the MBean to persist the default value.

Unless you use this operation, the default value is not saved and is subject to change if you update to a newer release of WebLogic Server. Invoking this operation isolates this MBean from the effects of such changes.

Note: To insure that you are freezing the default value, invoke the restoreDefaultValue operation before you invoke this.

This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute for which some other value has been set.

Deprecated. 9.0.0.0

getInheritedProperties

Return all properties' names whose value is inherited from template mbean. this is a convenient method to get inheritance info on multiple properties in one jmx call.

isInherited

Check if the value of a property is inherited from template mbean or not.

isSet

Returns true if the specified attribute has been set explicitly in this MBean instance.

removeTag

Remove a tag from this Configuration MBean

restoreDefaultValue

If the specified attribute has a default value, this operation removes any value that has been set explicitly and causes the attribute to use the default value.

Default values are subject to change if you update to a newer release of WebLogic Server. To prevent the value from changing if you update to a newer release, invoke the freezeCurrentValue operation.

This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute that is already using the default.

Deprecated. 9.0.0.0

unSet

Restore the given property to its default value.