Package weblogic.management.configuration

Interface CertificateManagementMBean

All Superinterfaces:

ConfigurationMBean, ConfigurationPropertiesMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, SettableBean, WebLogicMBean

public interface CertificateManagementMBean
extends ConfigurationPropertiesMBean

Provides configuration for the WebLogic Certificate Management Service.

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

Modifier and Type	Method	Description
CertificateIssuerPluginMBean	createCertificateIssuerPlugin(java.lang.String name)	Creates a new CertificateIssuerPlugin instance in the domain
void	destroyCertificateIssuerPlugin(CertificateIssuerPluginMBean certificateIssuerPluginMBean)	Deletes a CertificateIssuerPluginMBean
int	getCertificateAuthorityValidityPeriod()	Returns the validity period (certificate lifetime) that the Domain Certificates Issuer should set when generating a new Certificate Authority certificate.
int	getCertificateCheckInterval()	Returns the certificate check interval -- how often the Certificate Management Service should check for/refresh expiring certificates (in days).
CertificateIssuerPluginMBean[]	getCertificateIssuerPlugins()	Returns the CertificateIssuerPlugins for this Domain.
int	getCertificateRefreshWindow()	Returns the certificate refresh window.
int	getCertificateValidityPeriod()	Returns the validity period (certificate lifetime) that the Domain Certificates Issuer should set when generating a new certificate.
java.lang.String	getSubjectAlternativeNames()	A space- or comma-separated list of words representing the Subject Alternative Names that the Domain Certificates Issuer should include when generating a server certificate.
java.lang.String	getSubjectCommonName()	The name the Domain Certificates Issuer should use for the CN attribute of a certificate's Subject: either the local hostname (hostname) or the server's listen address (listen_address).
boolean	isEnabled()	Returns true or false to indicate whether the Certificate Management Service is enabled or not.
boolean	isIncludeRootCertificateInChain()	Whether the Domain Certificates Issuer should include the self-signed root CA in the certificate chain for a generated certificate.
boolean	isJavaStandardTrustEnabled()	Whether or not the domain should trust the Java Standard Trust certificates, in addition to the Domain Certificate Authority certificate(s) and any Provisioned Trust certificates.
boolean	isProvisionedCertificatesIssuerEnabled()	Returns true or false to indicate whether the Provisioned Certificates Issuer is enabled or not.
boolean	isSinglePurposeCertificatesEnabled()	Returns the single purpose certificates enabled value: whether the Domain Certificates Issuer should generate separate, single-purpose certificates for different purposes (server authentication, client authentication, signing and encryption), or generate one certificate that supports all those purposes.
CertificateIssuerPluginMBean	lookupCertificateIssuerPlugin(java.lang.String name)	Looks up a CertificateIssuerPluginMBean by name.
void	setCertificateAuthorityValidityPeriod(int certificateAuthorityValidityPeriod)	Sets the certificate authority validity period (in days).
void	setCertificateCheckInterval(int certificateCheckInterval)	Sets the certificate check interval (in days).
void	setCertificateRefreshWindow(int certificateRefreshWindow)	Sets the certificate refresh window (in days).
void	setCertificateValidityPeriod(int certificateValidityPeriod)	Sets the certificate validity period (in days).
void	setEnabled(boolean isEnabled)	Enables or disables the Certificate Management Service.
void	setIncludeRootCertificateInChain(boolean isIncludeRootCertificateInChain)	Enables or disables inclusion of the self-signed root CA for Domain Certificates.
void	setJavaStandardTrustEnabled(boolean isJavaStandardTrustEnabled)	Whether or not the domain should trust the Java Standard Trust certificates in addition to the Domain Certificate Authority certificate(s) and any Provisioned Trust certificates.
void	setProvisionedCertificatesIssuerEnabled(boolean isProvisionedCertificatesIssuerEnabled)	Enables or disables the Provisioned Certificates Issuer.
void	setSinglePurposeCertificatesEnabled(boolean isSinglePurposeCertificatesEnabled)	Enables or disables single purpose certificates.
void	setSubjectAlternativeNames(java.lang.String subjectAlternativeNames)	Sets the subject alternative names.
void	setSubjectCommonName(java.lang.String subjectCommonName)	Sets the subject CN value.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Method Detail

isEnabled

boolean isEnabled()

Returns true or false to indicate whether the Certificate Management Service is enabled or not.

Returns:

The isEnabled value

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setEnabled

void setEnabled(boolean isEnabled)

Enables or disables the Certificate Management Service.

Parameters:

isEnabled - True to enable or false to disable.

isProvisionedCertificatesIssuerEnabled

boolean isProvisionedCertificatesIssuerEnabled()

Returns true or false to indicate whether the Provisioned Certificates Issuer is enabled or not.

Returns:

The isProvisionedCertificatesIssuerEnabled value

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setProvisionedCertificatesIssuerEnabled

void setProvisionedCertificatesIssuerEnabled(boolean isProvisionedCertificatesIssuerEnabled)

Enables or disables the Provisioned Certificates Issuer.

Parameters:

isProvisionedCertificatesIssuerEnabled - True to enable or false to disable

getCertificateCheckInterval

int getCertificateCheckInterval()

Returns the certificate check interval -- how often the Certificate Management Service should check for/refresh expiring certificates (in days).

Returns:

The certificateCheckInterval.

Default Value:

1

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

7

Minimum Value:

1

setCertificateCheckInterval

void setCertificateCheckInterval(int certificateCheckInterval)

Sets the certificate check interval (in days).

Parameters:

certificateCheckInterval - The number of days between certificate checks

getCertificateRefreshWindow

int getCertificateRefreshWindow()

Returns the certificate refresh window. The Certificate Management Service will refresh an expiring certificate when its remaining lifetime is less than this number of days.

Returns:

The certificateRefreshWindow

Default Value:

10

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

30

Minimum Value:

5

setCertificateRefreshWindow

void setCertificateRefreshWindow(int certificateRefreshWindow)

Sets the certificate refresh window (in days).

Parameters:

certificateRefreshWindow - How many days before expiration to refresh certificates

isSinglePurposeCertificatesEnabled

boolean isSinglePurposeCertificatesEnabled()

Returns the single purpose certificates enabled value: whether the Domain Certificates Issuer should generate separate, single-purpose certificates for different purposes (server authentication, client authentication, signing and encryption), or generate one certificate that supports all those purposes.

Returns:

The isSinglePurposeCertificatesEnabled value

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSinglePurposeCertificatesEnabled

void setSinglePurposeCertificatesEnabled(boolean isSinglePurposeCertificatesEnabled)

Enables or disables single purpose certificates.

Parameters:

isSinglePurposeCertificatesEnabled - True to enable or false to disable

getSubjectCommonName

java.lang.String getSubjectCommonName()

The name the Domain Certificates Issuer should use for the CN attribute of a certificate's Subject: either the local hostname (hostname) or the server's listen address (listen_address).

If no listen address is configured for the server, hostname will be used instead, regardless of the value set here.

The CN value will also be added as a Subject Alternative Name (even if it is not explicitly configured as a Subject Alternative Name).

Returns:

The subjectCommonName value

Default Value:

"hostname"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Valid Values:

"hostname", "listen_address"

setSubjectCommonName

void setSubjectCommonName(java.lang.String subjectCommonName)

Sets the subject CN value.

Parameters:

subjectCommonName - The subjectName value to set

getSubjectAlternativeNames

java.lang.String getSubjectAlternativeNames()

A space- or comma-separated list of words representing the Subject Alternative Names that the Domain Certificates Issuer should include when generating a server certificate.

Each word must be one of the subject name constants defined by the CertificateConfigurationConstants interface. When generating a certificate, the Certificate Management Service replaces each constant with the corresponding value(s) obtained from the target server's configuration or the host it's running on.

The certificate's CN attribute will be included as a Subject Alternative Name even if it is not explicitly configured here.

Returns:

The subjectAlternativeNames value.

Default Value:

"hostname, address, loopback, listen_address_all, virtual_host_all"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setSubjectAlternativeNames

void setSubjectAlternativeNames(java.lang.String subjectAlternativeNames)

Sets the subject alternative names.

Parameters:

subjectAlternativeNames - The subjectAlternativeNames to set

getCertificateValidityPeriod

int getCertificateValidityPeriod()

Returns the validity period (certificate lifetime) that the Domain Certificates Issuer should set when generating a new certificate. The validity period is expressed in days.

Returns:

The certificateValidityPeriod.

Default Value:

90

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

365

Minimum Value:

15

setCertificateValidityPeriod

void setCertificateValidityPeriod(int certificateValidityPeriod)

Sets the certificate validity period (in days).

Parameters:

certificateValidityPeriod - How many days new certificates will be valid for.

getCertificateAuthorityValidityPeriod

int getCertificateAuthorityValidityPeriod()

Returns the validity period (certificate lifetime) that the Domain Certificates Issuer should set when generating a new Certificate Authority certificate. The validity period is expressed in days.

Returns:

The certificateAuthorityValidityPeriod.

Default Value:

365

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

1825

Minimum Value:

45

setCertificateAuthorityValidityPeriod

void setCertificateAuthorityValidityPeriod(int certificateAuthorityValidityPeriod)

Sets the certificate authority validity period (in days).

Parameters:

certificateAuthorityValidityPeriod - How many days new certificate authority certificates will be valid for.

isIncludeRootCertificateInChain

boolean isIncludeRootCertificateInChain()

Whether the Domain Certificates Issuer should include the self-signed root CA in the certificate chain for a generated certificate.

Returns:

The isIncludeRootCertificateInChain value

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIncludeRootCertificateInChain

void setIncludeRootCertificateInChain(boolean isIncludeRootCertificateInChain)

Enables or disables inclusion of the self-signed root CA for Domain Certificates.

Parameters:

isIncludeRootCertificateInChain - The isIncludeRootCertificateInChain value

isJavaStandardTrustEnabled

boolean isJavaStandardTrustEnabled()

Whether or not the domain should trust the Java Standard Trust certificates, in addition to the Domain Certificate Authority certificate(s) and any Provisioned Trust certificates. Java Standard Trust is a collection of well-known, trusted root certificate authorities distributed (and updated) as part of the JDK.

Returns:

The isJavaStandardTrustEnabled value

See Also:

ServerTemplateMBean.getJavaStandardTrustKeyStorePassPhrase()

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setJavaStandardTrustEnabled

void setJavaStandardTrustEnabled(boolean isJavaStandardTrustEnabled)

Whether or not the domain should trust the Java Standard Trust certificates in addition to the Domain Certificate Authority certificate(s) and any Provisioned Trust certificates.

Parameters:

isJavaStandardTrustEnabled - The isJavaStandardTrustEnabled value

getCertificateIssuerPlugins

CertificateIssuerPluginMBean[] getCertificateIssuerPlugins()

Returns the CertificateIssuerPlugins for this Domain.

Returns:

the CertificateIssuerPlugins

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

createCertificateIssuerPlugin

CertificateIssuerPluginMBean createCertificateIssuerPlugin(java.lang.String name)

Creates a new CertificateIssuerPlugin instance in the domain

Parameters:

name - The name for the new CertificateIssuerPluginMBean

Returns:

The new CertificateIssuerPluginMBean

destroyCertificateIssuerPlugin

void destroyCertificateIssuerPlugin(CertificateIssuerPluginMBean certificateIssuerPluginMBean)

Deletes a CertificateIssuerPluginMBean

Parameters:

certificateIssuerPluginMBean - The certificateIssuerPluginMBean to delete

lookupCertificateIssuerPlugin

CertificateIssuerPluginMBean lookupCertificateIssuerPlugin(java.lang.String name)

Looks up a CertificateIssuerPluginMBean by name.

Parameters:

name - The name of the CertificateIssuerPluginMBean to find

Returns:

The CertificateIssuerPluginMBean, or null if not found