Jump to

• Request
• Response

View This SSL

get

/management/weblogic/{version}/serverConfig/serverTemplates/{name}/SSL

View this SSL.

Request

Path Parameters

• name: string
  The name property of the instance in the collection.
• version: string
  The version of the WebLogic REST interface.

Query Parameters

• excludeFields(optional): string
  The 'excludeFields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields whose name is not on the list will be returned. If not present, all fields are returned (unless the 'fields' query parameter is specified). Note: 'fields' must not be specified if 'excludeFields' is specified.
• excludeLinks(optional): string
  The 'excludeLinks' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links whose relationship name is not on the list will be returned. If not present, all links are returned (unless the 'links' query parameter is specified). Note: 'links' must not be specified if 'excludeLinks' is specified.
• fields(optional): string
  The 'fields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields with matching names are returned. If not present, all fields are returned (unless the 'excludeFields' query parameter is specified). Note: 'excludeFields' must not be specified if 'fields' is specified.
• links(optional): string
  The 'links' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links with matching relationship names are returned. If not present, all links are returned (unless the 'excludeLinks' query parameter is specified). Note: 'excludeLinks' must not be specified if 'links' is specified.

Security

• Admin: basic
  Type: basic

  Description: A user in the Admin security role.
• Deployer: basic
  Type: basic

  Description: A user in the Deployer security role.
• Monitor: basic
  Type: basic

  Description: A user in the Monitor security role.
• Operator: basic
  Type: basic

  Description: A user in the Operator security role.

Back to Top

Response

Supported Media Types

• application/json

200 Response

Returns this SSL.

Body ()

Root Schema : SSL

Type: object

Show Source

• acceptKSSDemoCertsEnabled(optional): boolean
  Default Value: true
• allowUnencryptedNullCipher(optional): boolean
  Default Value: false

  Test if the AllowUnEncryptedNullCipher is enabled

  see setAllowUnencryptedNullCipher(boolean enable) for the NullCipher feature.

• ciphersuites(optional): array Items
  Title: Items

  Indicates the cipher suites being used on a particular WebLogic Server.

  The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.

  For a list of possible values, see Cipher Suites

• clientCertAlias(optional): string
  Default Value: oracle.doceng.json.BetterJsonNull@6b4630da

  Determines the alias of the client SSL certificate to be used as identity for outbound SSL connections. The certificate is assumed to be stored in the server configured keystore.

  Note that to use the client SSL certificate, setUseClientCertForOutbound must be enabled.

• clientCertificateEnforced(optional): boolean
  Default Value: false

  Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

  Constraints

  • doc only secure default : true
• clientCertPrivateKeyPassPhrase(optional): string(password)
  Default Value: oracle.doceng.json.BetterJsonNull@4597a4a8

  The passphrase used to retrieve the private key for the client SSL certificate specified in getClientCertAlias from the server configured keystore. This passphrase is assigned to the private key when the private key is generated.

  Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.

  Note that when you get the value of this attribute, WebLogic Server does the following:

  1. Retrieves the value of the ClientCertPrivateKeyPassPhraseEncrypted attribute.

  2. Decrypts the value and returns the unencrypted passphrase.

• clientInitSecureRenegotiationAccepted(optional): boolean
  Default Value: false

  Indicate whether TLS client initiated secure renegotiation is accepted.

• dynamicallyCreated(optional): boolean
  Read Only: true

  Default Value: false

  Return whether the MBean was created dynamically or is persisted to config.xml

• enabled(optional): boolean
  Default Value: false

  Indicates whether the server can be reached through the default SSL listen port.

  If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.

  Constraints

  • secure default : true
• exportKeyLifespan(optional): integer(int32)
  Minimum Value: 1

  Maximum Value: 2147483647

  Default Value: 500

  Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

• hostnameVerificationIgnored(optional): boolean
  Default Value: false

  Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).

  Constraints

  • secure default : false
• hostnameVerifier(optional): string
  Default Value: oracle.doceng.json.BetterJsonNull@7fac7ff0

  The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.

  This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.

• id(optional): integer(int64)
  Read Only: true

  Return the unique id of this MBean instance

• identityAndTrustLocations(optional): string
  Default Value: KeyStores

  Allowed Values: [ "KeyStores", "FilesOrKeyStoreProviders" ]

  Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).

  • If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).

  • If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.

  Domains created in WebLogic Server version 8.1 or later, default to KEYSTORES. Domains created before WebLogic Server version 8.1, default to FILES_OR_KEYSTORE_PROVIDERS.

• inboundCertificateValidation(optional): string
  Default Value: BuiltinSSLValidationOnly

  Allowed Values: [ "BuiltinSSLValidationOnly", "BuiltinSSLValidationAndCertPathValidators" ]

  Indicates the client certificate validation rules for inbound SSL.

  This attribute only applies to ports and network channels using 2-way SSL.

• JSSEEnabled(optional): boolean
  Default Value: true

  Determines whether the SSL implementation in Weblogic Server is JSSE based.

• listenPort(optional): integer(int32)
  Minimum Value: 1

  Maximum Value: 65535

  Default Value: 7002

  The TCP/IP port at which this server listens for SSL connection requests.

• loginTimeoutMillis(optional): integer(int32)
  Minimum Value: 1

  Maximum Value: 2147483647

  Default Value: 25000

  Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

  If clients are connecting over the Internet, raise the default number to accommodate additional network latency.

• minimumTLSProtocolVersion(optional): string

  Get the minimum SSL/TLS protocol version currently configured.

• name(optional): string
  Read Only: true

  The user-specified name of this MBean instance.

  This name is included as one of the key properties in the MBean's javax.management.ObjectName

  Name=user-specified-name

  Constraints

  • legal null
• notes(optional): string

  Optional information that you can include to describe this configuration.

  WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the xml entity <. Carriage returns/line feeds are preserved.

  Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.

• outboundCertificateValidation(optional): string
  Default Value: BuiltinSSLValidationOnly

  Allowed Values: [ "BuiltinSSLValidationOnly", "BuiltinSSLValidationAndCertPathValidators" ]

  Indicates the server certificate validation rules for outbound SSL.

  This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.

• outboundPrivateKeyAlias(optional): string
  Read Only: true

  Default Value: oracle.doceng.json.BetterJsonNull@5100ecaa

  The string alias used to store and retrieve the outbound private key in the keystore. This private key is associated with either a server or a client digital certificate. This attribute value is derived from other settings and cannot be physically set.

  The returned value is determined as follows:

  • If the isUseClientCertForOutbound returns true, the value from getClientCertAlias is returned.

  • Otherwise, the value from getServerPrivateKeyAlias is returned.

• outboundPrivateKeyPassPhrase(optional): string(password)
  Read Only: true

  Default Value: oracle.doceng.json.BetterJsonNull@47f5b4a6

  The passphrase used to retrieve the outbound private key from the keystore. This passphrase is assigned to the private key when it is generated. This attribute value is derived from other settings and cannot be physically set.

  The returned value is determined as follows:

  • If the isUseClientCertForOutbound returns true, the value from getClientCertPrivateKeyPassPhrase is returned.

  • Otherwise, the value from getServerPrivateKeyPassPhrase is returned.

• serverPrivateKeyAlias(optional): string
  Default Value: oracle.doceng.json.BetterJsonNull@4057a0a8

  The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.

• serverPrivateKeyPassPhrase(optional): string(password)

  The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

• SSLRejectionLoggingEnabled(optional): boolean
  Default Value: true

  Indicates whether warning messages are logged in the server log when SSL connections are rejected.

• SSLv2HelloEnabled(optional): boolean
  Default Value: true

  Indicate whether SSLv2Hello is enabled

• tags(optional): array Items
  Title: Items

  Return all tags on this Configuration MBean

• twoWaySSLEnabled(optional): boolean
  Default Value: false

  The form of SSL that should be used.

  By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.

  Constraints

  • doc only secure default : true
• type(optional): string
  Read Only: true

  Returns the type of the MBean.

  Constraints

  • unharvestable
• useClientCertForOutbound(optional): boolean
  Default Value: false

  Determines whether to use the configured client SSL certificate as identity for outbound SSL connections.

  Note that to use a client SSL certificate, one must be specified in setClientCertAlias

• useServerCerts(optional): boolean
  Default Value: false

  Sets whether the client should use the server certificates/key as the client identity when initiating an outbound connection over https.

{
    "type":"object",
    "properties":{
        "JSSEEnabled":{
            "default":true,
            "type":"boolean",
            "description":"<p>Determines whether the SSL implementation in Weblogic Server is JSSE based.</p>"
        },
        "SSLRejectionLoggingEnabled":{
            "default":true,
            "type":"boolean",
            "description":"<p>Indicates whether warning messages are logged in the server log when SSL connections are rejected.</p>"
        },
        "SSLv2HelloEnabled":{
            "default":true,
            "type":"boolean",
            "description":"<p>Indicate whether SSLv2Hello is enabled</p>"
        },
        "acceptKSSDemoCertsEnabled":{
            "default":true,
            "type":"boolean",
            "description":""
        },
        "allowUnencryptedNullCipher":{
            "default":false,
            "type":"boolean",
            "description":"<p>Test if the AllowUnEncryptedNullCipher is enabled</p><p>see <code>setAllowUnencryptedNullCipher(boolean enable)</code> for the NullCipher feature.</p>"
        },
        "ciphersuites":{
            "title":"Items",
            "type":"array",
            "items":{
                "type":"string",
                "description":""
            },
            "description":"<p>Indicates the cipher suites being used on a particular WebLogic Server.</p><p>The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.</p><p>For a list of possible values, see <a href=\"http://www.oracle.com/pls/topic/lookup?ctx=fmw122140&id=SECMG502\">Cipher Suites</a></p>"
        },
        "clientCertAlias":{
            "default":null,
            "type":"string",
            "description":"<p>Determines the alias of the client SSL certificate to be used as identity for outbound SSL connections. The certificate is assumed to be stored in the server configured keystore. </p><p></p><p> Note that to use the client SSL certificate, <code>setUseClientCertForOutbound</code> must be enabled.</p>"
        },
        "clientCertPrivateKeyPassPhrase":{
            "default":null,
            "type":"string",
            "format":"password",
            "description":"<p>The passphrase used to retrieve the private key for the client SSL certificate specified in <code>getClientCertAlias</code> from the server configured keystore. This passphrase is assigned to the private key when the private key is generated.</p><p>Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.</p><p>Note that when you get the value of this attribute, WebLogic Server does the following:</p><ol><li><p>Retrieves the value of the <code>ClientCertPrivateKeyPassPhraseEncrypted</code> attribute.</p></li><li><p>Decrypts the value and returns the unencrypted passphrase.</p></li></ol>"
        },
        "clientCertificateEnforced":{
            "x-weblogic-docOnlySecureDefault":true,
            "default":false,
            "type":"boolean",
            "description":"<p>Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.</p><p><h5>Constraints</h5></p><ul><li>doc only secure default : true</li></ul>"
        },
        "clientInitSecureRenegotiationAccepted":{
            "default":false,
            "type":"boolean",
            "description":"<p>Indicate whether TLS client initiated secure renegotiation is accepted.</p>"
        },
        "dynamicallyCreated":{
            "readOnly":true,
            "default":false,
            "type":"boolean",
            "description":"<p>Return whether the MBean was created dynamically or is persisted to config.xml</p>"
        },
        "enabled":{
            "x-weblogic-secureDefault":true,
            "default":false,
            "type":"boolean",
            "description":"<p>Indicates whether the server can be reached through the default SSL listen port.</p><p>If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.</p><p><h5>Constraints</h5></p><ul><li>secure default : true</li></ul>"
        },
        "exportKeyLifespan":{
            "default":500,
            "minimum":1,
            "maximum":2147483647,
            "type":"integer",
            "format":"int32",
            "description":"<p>Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.</p>"
        },
        "hostnameVerificationIgnored":{
            "x-weblogic-secureDefault":false,
            "default":false,
            "type":"boolean",
            "description":"<p>Specifies whether to ignore the installed implementation of the <code>weblogic.security.SSL.HostnameVerifier</code> interface (when this server is acting as a client to another application server).</p><p><h5>Constraints</h5></p><ul><li>secure default : false</li></ul>"
        },
        "hostnameVerifier":{
            "default":null,
            "type":"string",
            "description":"<p>The name of the class that implements the <code>weblogic.security.SSL.HostnameVerifier</code> interface.</p><p>This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The <code>weblogic.security.SSL.HostnameVerifier</code> has a <code>verify()</code> method that WebLogic Server calls on the client during the SSL handshake.</p>"
        },
        "id":{
            "readOnly":true,
            "type":"integer",
            "format":"int64",
            "description":"<p>Return the unique id of this MBean instance</p>"
        },
        "identityAndTrustLocations":{
            "default":"KeyStores",
            "enum":[
                "KeyStores",
                "FilesOrKeyStoreProviders"
            ],
            "type":"string",
            "description":"<p>Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).</p><ul><li><p>If set to <code>KEYSTORES</code>, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).</p></li><li><p>If set to <code>FILES_OR_KEYSTORE_PROVIDERS</code>, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.</p></li></ul><p>Domains created in WebLogic Server version 8.1 or later, default to <code>KEYSTORES</code>. Domains created before WebLogic Server version 8.1, default to <code>FILES_OR_KEYSTORE_PROVIDERS.</code></p>"
        },
        "inboundCertificateValidation":{
            "default":"BuiltinSSLValidationOnly",
            "enum":[
                "BuiltinSSLValidationOnly",
                "BuiltinSSLValidationAndCertPathValidators"
            ],
            "type":"string",
            "description":"<p>Indicates the client certificate validation rules for inbound SSL.</p><p>This attribute only applies to ports and network channels using 2-way SSL.</p>"
        },
        "listenPort":{
            "default":7002,
            "minimum":1,
            "maximum":65535,
            "type":"integer",
            "format":"int32",
            "description":"<p>The TCP/IP port at which this server listens for SSL connection requests.</p>"
        },
        "loginTimeoutMillis":{
            "default":25000,
            "minimum":1,
            "maximum":2147483647,
            "type":"integer",
            "format":"int32",
            "description":"<p>Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.</p><p>If clients are connecting over the Internet, raise the default number to accommodate additional network latency.</p>"
        },
        "minimumTLSProtocolVersion":{
            "type":"string",
            "description":"<p>Get the minimum SSL/TLS protocol version currently configured.</p>"
        },
        "name":{
            "readOnly":true,
            "x-weblogic-legalNull":true,
            "type":"string",
            "description":"<p>The user-specified name of this MBean instance.</p><p>This name is included as one of the key properties in the MBean's <code>javax.management.ObjectName</code></p><p><code>Name=<i>user-specified-name</i></code></p><p><h5>Constraints</h5></p><ul><li>legal null</li></ul>"
        },
        "notes":{
            "type":"string",
            "description":"<p>Optional information that you can include to describe this configuration.</p><p>WebLogic Server saves this note in the domain's configuration file (<code>config.xml</code>) as XML PCDATA. All left angle brackets (<) are converted to the XML entity <code>&lt;</code>. Carriage returns/line feeds are preserved.</p><p>Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.</p>"
        },
        "outboundCertificateValidation":{
            "default":"BuiltinSSLValidationOnly",
            "enum":[
                "BuiltinSSLValidationOnly",
                "BuiltinSSLValidationAndCertPathValidators"
            ],
            "type":"string",
            "description":"<p>Indicates the server certificate validation rules for outbound SSL.</p><p>This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a <code>weblogic.security.SSL.ServerTrustManager</code> that is configured to use outbound SSL validation.</p>"
        },
        "outboundPrivateKeyAlias":{
            "readOnly":true,
            "default":null,
            "type":"string",
            "description":"<p>The string alias used to store and retrieve the outbound private key in the keystore. This private key is associated with either a server or a client digital certificate. This attribute value is derived from other settings and cannot be physically set.</p><p>The returned value is determined as follows:</p><ul><li><p>If the <code>isUseClientCertForOutbound</code> returns true, the value from <code>getClientCertAlias</code> is returned.</p></li><li><p> Otherwise, the value from <code>getServerPrivateKeyAlias</code> is returned.</p></li></ul>"
        },
        "outboundPrivateKeyPassPhrase":{
            "readOnly":true,
            "default":null,
            "type":"string",
            "format":"password",
            "description":"<p>The passphrase used to retrieve the outbound private key from the keystore. This passphrase is assigned to the private key when it is generated. This attribute value is derived from other settings and cannot be physically set.</p><p>The returned value is determined as follows:</p><ul><li><p>If the <code>isUseClientCertForOutbound</code> returns true, the value from <code>getClientCertPrivateKeyPassPhrase</code> is returned.</p></li><li><p> Otherwise, the value from <code>getServerPrivateKeyPassPhrase</code> is returned.</p></li></ul>"
        },
        "serverPrivateKeyAlias":{
            "default":null,
            "type":"string",
            "description":"<p>The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.</p>"
        },
        "serverPrivateKeyPassPhrase":{
            "type":"string",
            "format":"password",
            "description":"<p>The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.</p>"
        },
        "tags":{
            "title":"Items",
            "type":"array",
            "items":{
                "type":"string",
                "description":""
            },
            "description":"<p>Return all tags on this Configuration MBean</p>"
        },
        "twoWaySSLEnabled":{
            "x-weblogic-docOnlySecureDefault":true,
            "default":false,
            "type":"boolean",
            "description":"<p>The form of SSL that should be used.</p><p>By default, WebLogic Server is configured to use one-way SSL (implied by the <code>Client Certs Not Requested</code> value). Selecting <code>Client Certs Requested But Not Enforced</code> enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting <code>Client Certs Requested And Enforced</code> also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.</p><p><h5>Constraints</h5></p><ul><li>doc only secure default : true</li></ul>"
        },
        "type":{
            "readOnly":true,
            "x-weblogic-unharvestable":true,
            "type":"string",
            "description":"<p>Returns the type of the MBean.</p><p><h5>Constraints</h5></p><ul><li>unharvestable</li></ul>"
        },
        "useClientCertForOutbound":{
            "default":false,
            "type":"boolean",
            "description":"<p>Determines whether to use the configured client SSL certificate as identity for outbound SSL connections. </p><p></p><p> Note that to use a client SSL certificate, one must be specified in <code>setClientCertAlias</code></p>"
        },
        "useServerCerts":{
            "default":false,
            "type":"boolean",
            "description":"<p>Sets whether the client should use the server certificates/key as the client identity when initiating an outbound connection over https.</p>"
        }
    },
    "description":""
}

Nested Schema : Items

Type: array

Title: Items

Indicates the cipher suites being used on a particular WebLogic Server.

The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.

For a list of possible values, see Cipher Suites

Show Source

• Array of: string

{
    "title":"Items",
    "type":"array",
    "items":{
        "type":"string",
        "description":""
    },
    "description":"<p>Indicates the cipher suites being used on a particular WebLogic Server.</p><p>The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.</p><p>For a list of possible values, see <a href=\"http://www.oracle.com/pls/topic/lookup?ctx=fmw122140&id=SECMG502\">Cipher Suites</a></p>"
}

Nested Schema : Items

Type: array

Title: Items

Return all tags on this Configuration MBean

Show Source

• Array of: string

{
    "title":"Items",
    "type":"array",
    "items":{
        "type":"string",
        "description":""
    },
    "description":"<p>Return all tags on this Configuration MBean</p>"
}

Back to Top