|
Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||
public interface SSLMBean
This MBean represents the configuration of the SSL protocol.
| Field Summary | |
|---|---|
static String |
BUILTIN_SSL_VALIDATION_AND_CERT_PATH_VALIDATORSIndicates that the built-in SSL certificate validation should be used to complete and validate the peer's certificate chain then the configured CertPathValidator security providers should be used to perform extra validation on the chain. |
static String |
BUILTIN_SSL_VALIDATION_ONLYIndicates that only the built-in SSL certificate validation should be used to complete and validate the peer's certificate chain. |
static String |
IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS |
static String |
IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES |
| Fields inherited from interface weblogic.management.configuration.ConfigurationMBean |
|---|
DEFAULT_EMPTY_BYTE_ARRAY |
| Method Summary | |
|---|---|
abstract String[] |
getCiphersuites()Indicates the cipher suites being used on a particular WebLogic Server. |
abstract String |
getClientCertAlias()Determines the alias of the client SSL certificate to be used as identity for outbound SSL connections. |
abstract String |
getClientCertPrivateKeyPassPhrase()The passphrase used to retrieve the private key for the client SSL certificate specified in |
abstract byte[] |
getClientCertPrivateKeyPassPhraseEncrypted()The encrypted passphrase used to retrieve the private key for the client SSL certificate specified in |
abstract int |
getExportKeyLifespan()Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. |
abstract String |
getHostnameVerifier()The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface. |
abstract String |
getIdentityAndTrustLocations()Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs). |
abstract String |
getInboundCertificateValidation()Indicates the client certificate validation rules for inbound SSL. |
abstract int |
getListenPort()The TCP/IP port at which this server listens for SSL connection requests. |
abstract int |
getLoginTimeoutMillis()Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. |
abstract String |
getMinimumTLSProtocolVersion()Get the minimum SSL/TLS protocol version currently configured. |
abstract String |
getOutboundCertificateValidation()Indicates the server certificate validation rules for outbound SSL. |
abstract String |
getOutboundPrivateKeyAlias()The string alias used to store and retrieve the outbound private key in the keystore. |
abstract String |
getOutboundPrivateKeyPassPhrase()The passphrase used to retrieve the outbound private key from the keystore. |
abstract String |
getServerCertificateChainFileName()Deprecated. 7.0.0.0 server certificates (and chains) should be stored in keystores. |
abstract String |
getServerCertificateFileName()Deprecated. 8.1.0.0 server certificates (and chains) should be stored in keystores. |
abstract String |
getServerKeyFileName()Deprecated. 8.1.0.0 private keys should be stored in keystores. |
abstract String |
getServerPrivateKeyAlias()The string alias used to store and retrieve the server's private key in the keystore. |
abstract String |
getServerPrivateKeyPassPhrase()The passphrase used to retrieve the server's private key from the keystore. |
abstract byte[] |
getServerPrivateKeyPassPhraseEncrypted()The encrypted passphrase used to retrieve the server's private key from the keystore. |
abstract String |
getTrustedCAFileName()Deprecated. 8.1.0.0 trusted CAs should be stored in keystores. |
abstract boolean |
isAcceptKSSDemoCertsEnabled() |
abstract boolean |
isAllowUnencryptedNullCipher()Test if the AllowUnEncryptedNullCipher is enabled |
abstract boolean |
isClientCertificateEnforced()Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server. |
abstract boolean |
isEnabled()Indicates whether the server can be reached through the default SSL listen port. |
abstract boolean |
isHostnameVerificationIgnored()Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server). |
abstract boolean |
isJSSEEnabled()Determines whether the SSL implementation in Weblogic Server is JSSE based. |
abstract boolean |
isSSLRejectionLoggingEnabled()Indicates whether warning messages are logged in the server log when SSL connections are rejected. |
abstract boolean |
isSSLv2HelloEnabled()Indicate whether SSLv2Hello is enabled |
abstract boolean |
isTwoWaySSLEnabled()The form of SSL that should be used. |
abstract boolean |
isUseClientCertForOutbound()Determines whether to use the configured client SSL certificate as identity for outbound SSL connections. |
abstract boolean |
isUseServerCerts()Sets whether the client should use the server certificates/key as the client identity when initiating an outbound connection over https. |
abstract void |
setAcceptKSSDemoCertsEnabled(boolean acceptKSSDemoCertsEnabled)Sets whether the default Hostname Verifier accept KSS Demo SSL Certificates |
abstract void |
setAllowUnencryptedNullCipher(boolean enable)When a SSL server and a SSL client try to negotiate a commonly supported Cipher, there is a chance that they may end up with nothing in common. |
abstract void |
setCertAuthenticator(String classname)Sets the value of the CertAuthenticator attribute. |
abstract void |
setCiphersuites(String[] ciphers)Sets the value of the Ciphersuites attribute. |
abstract void |
setClientCertAlias(String alias)Specifies the alias of the client SSL certificate to be used as identity for outbound SSL connections. |
abstract void |
setClientCertificateEnforced(boolean enforce)Sets the value of the ClientCertificateEnforced attribute. |
abstract void |
setClientCertPrivateKeyPassPhrase(String phrase)Specifies the passphrase used to retrieve the private key for the client SSL certificate specified in |
abstract void |
setClientCertPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)Specifies the encrypted passphrase used to retrieve the private key for the client SSL certificate specified in |
abstract void |
setEnabled(boolean enable) |
abstract void |
setExportKeyLifespan(int lifespan)Sets the value of the ExportKeyLifespan attribute. |
abstract void |
setHostnameVerificationIgnored(boolean ignoreFlag)Sets the value of the HostnameVerificationIgnored attribute. |
abstract void |
setHostnameVerifier(String classname)Sets the value of the HostnameVerifier attribute. |
abstract void |
setIdentityAndTrustLocations(String locations)Sets the value of the IdentityAndTrustLocations attribute. |
abstract void |
setInboundCertificateValidation(String validationStyle)Sets the value of the InboundCertificateValidation attribute. |
abstract void |
setJSSEEnabled(boolean enabled)Specifies whether the SSL implementation in Weblogic Server is JSSE based. |
abstract void |
setListenPort(int port)Set the value of the ListenPort attribute. |
abstract void |
setLoginTimeoutMillis(int millis)Sets the value of the LoginTimeoutMillis attribute. |
abstract void |
setMinimumTLSProtocolVersion(String minimumTLSProtocolVersion)Set the minimum SSL/TLS protocol version |
abstract void |
setOutboundCertificateValidation(String validationStyle)Sets the value of the OutboundCertificateValidation attribute. |
abstract void |
setServerCertificateChainFileName(String fileName)Deprecated. 7.0.0.0 Server certificates (and chains) should be stored in keystores. |
abstract void |
setServerCertificateFileName(String fileName)Deprecated. 8.1.0.0 server certificates (and chains) should be stored in keystores. |
abstract void |
setServerKeyFileName(String fileName)Deprecated. 8.1.0.0 private keys should be stored in keystores. |
abstract void |
setServerPrivateKeyAlias(String alias)Sets the value of the ServerPrivateKeyAlias attribute. |
abstract void |
setServerPrivateKeyPassPhrase(String phrase)Sets the value of the ServerPrivateKeyPassPhrase attribute. |
abstract void |
setServerPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)Sets the value of the ServerPrivateKeyPassPhrase attribute. |
abstract void |
setSSLRejectionLoggingEnabled(boolean enabled)Sets the value of the SSLRejectionLoggingEnabled attribute. |
abstract void |
setTrustedCAFileName(String fileName)Deprecated. 8.1.0.0 trusted CAs should be stored in keystores. |
abstract void |
setTwoWaySSLEnabled(boolean enabled)Sets the value of the TwoWaySSLEnabled attribute. |
abstract void |
setUseClientCertForOutbound(boolean enabled)Specifies whether to use the configured client SSL certificate as identity for outbound SSL connections. |
abstract void |
setUseServerCerts(boolean enabled)Indicates that an https client running within WebLogic server should use the server's certificate and key as the client identity. |
| Methods inherited from interface weblogic.management.configuration.ConfigurationMBean |
|---|
freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet |
| Methods inherited from interface weblogic.management.WebLogicMBean |
|---|
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent |
| Methods inherited from interface javax.management.DynamicMBean |
|---|
getAttribute, getAttributes, invoke, setAttribute, setAttributes |
| Methods inherited from interface javax.management.MBeanRegistration |
|---|
postDeregister, postRegister, preDeregister, preRegister |
| Methods inherited from interface javax.management.NotificationBroadcaster |
|---|
addNotificationListener, getNotificationInfo, removeNotificationListener |
| Methods inherited from interface weblogic.descriptor.DescriptorBean |
|---|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener |
| Field Detail |
|---|
static final String IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES
static final String IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS
static final String BUILTIN_SSL_VALIDATION_ONLY
static final String BUILTIN_SSL_VALIDATION_AND_CERT_PATH_VALIDATORS
| Method Detail |
|---|
boolean isEnabled()
Indicates whether the server can be reached through the default SSL listen port.
If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.
void setEnabled(boolean enable)
throws InvalidAttributeValueException
enable - The new enabled valueInvalidAttributeValueExceptionSSLMBean.isEnabled()String[] getCiphersuites()
Indicates the cipher suites being used on a particular WebLogic Server.
The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.
For a list of possible values, see Cipher Suites.
void setCiphersuites(String[] ciphers)
throws InvalidAttributeValueException
Sets the value of the Ciphersuites attribute.
ciphers - The new ciphersuites valueInvalidAttributeValueException - if the array is null or contains null elements.SSLMBean.getCiphersuites()
void setCertAuthenticator(String classname)
throws InvalidAttributeValueException
Sets the value of the CertAuthenticator attribute.
classname - The new certAuthenticator valueInvalidAttributeValueExceptionSSLMBean.getCertAuthenticator()String getHostnameVerifier()
The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.
void setHostnameVerifier(String classname)
throws InvalidAttributeValueException
Sets the value of the HostnameVerifier attribute.
classname - The new hostnameVerifier valueInvalidAttributeValueExceptionSSLMBean.getHostnameVerifier()boolean isHostnameVerificationIgnored()
Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
void setHostnameVerificationIgnored(boolean ignoreFlag)
throws InvalidAttributeValueException
Sets the value of the HostnameVerificationIgnored attribute.
ignoreFlag - The new hostnameVerificationIgnored valueInvalidAttributeValueExceptionSSLMBean.isHostnameVerificationIgnored()String getTrustedCAFileName()
The full directory location of the file that specifies the certificate authorities trusted by the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store trusted certificate authorities in files.
The file specified in this attribute can contain a single digital certificate or multiple digital certificates. The file extension ( .der or .pem) tells WebLogic Server how to read the contents of the file.
void setTrustedCAFileName(String fileName)
throws InvalidAttributeValueException
Sets the value of the TrustedCAFileName attribute.
fileName - The new trustedCAFileName valueInvalidAttributeValueExceptionSSLMBean.getTrustedCAFileName()boolean isAcceptKSSDemoCertsEnabled()
void setAcceptKSSDemoCertsEnabled(boolean acceptKSSDemoCertsEnabled)
Sets whether the default Hostname Verifier accept KSS Demo SSL Certificates
acceptKSSDemoCertsEnabled - whether to accept KSS Demo SSL certificatesint getExportKeyLifespan()
Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
void setExportKeyLifespan(int lifespan)
throws InvalidAttributeValueException
Sets the value of the ExportKeyLifespan attribute.
lifespan - The new exportKeyLifespan valueInvalidAttributeValueExceptionSSLMBean.getExportKeyLifespan()boolean isClientCertificateEnforced()
Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
void setClientCertificateEnforced(boolean enforce)
Sets the value of the ClientCertificateEnforced attribute.
enforce - The new clientCertificateEnforced valueSSLMBean.isClientCertificateEnforced()String getServerCertificateFileName()
The full directory location of the digital certificate file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that stored digital certificates in files.
The file extension ( .der or .pem) tells WebLogic Server how to read the contents of the file.
void setServerCertificateFileName(String fileName)
Sets the value of the ServerCertificateFileName attribute.
fileName - The new serverCertificateFileName valueSSLMBean.getServerCertificateFileName()int getListenPort()
The TCP/IP port at which this server listens for SSL connection requests.
SSLMBean.isEnabled(), ServerTemplateMBean.getListenPort(), ServerTemplateMBean.getAdministrationPort(), NetworkAccessPointMBean.getListenPort()void setListenPort(int port)
Set the value of the ListenPort attribute.
port - The new listenPort valueSSLMBean.getListenPort()String getServerCertificateChainFileName()
The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server.
The .pem file extension indicates that method that should be used to read the file. Note that as of WebLogic Server version 7.0, the digital certificate for WebLogic Server should not be stored in a file.
void setServerCertificateChainFileName(String fileName)
Sets the value of the ServerCertificateChainFileName attribute.
fileName - The new serverCertificateChainFileName valueSSLMBean.getServerCertificateChainFileName()int getLoginTimeoutMillis()
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.
If clients are connecting over the Internet, raise the default number to accommodate additional network latency.
ServerTemplateMBean.getLoginTimeoutMillis(), NetworkChannelMBean.getLoginTimeoutMillisSSL()void setLoginTimeoutMillis(int millis)
Sets the value of the LoginTimeoutMillis attribute.
millis - The new loginTimeoutMillis valueSSLMBean.getLoginTimeoutMillis()String getServerKeyFileName()
The full directory location of the private key file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store private keys in files. For a more secure deployment, Oracle recommends saving private keys in keystores.
The file extension (.der or .pem) indicates the method that should be used to read the file.
void setServerKeyFileName(String fileName)
Sets the value of the ServerKeyFileName attribute.
fileName - The new serverKeyFileName valueSSLMBean.getServerKeyFileName()boolean isTwoWaySSLEnabled()
The form of SSL that should be used.
By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.
void setTwoWaySSLEnabled(boolean enabled)
Sets the value of the TwoWaySSLEnabled attribute.
enabled - The new twoWaySSLEnabled valueSSLMBean.isTwoWaySSLEnabled()String getServerPrivateKeyAlias()
The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.
void setServerPrivateKeyAlias(String alias)
Sets the value of the ServerPrivateKeyAlias attribute.
alias - The new serverPrivateKeyAlias valueSSLMBean.getServerPrivateKeyAlias()String getServerPrivateKeyPassPhrase()
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
void setServerPrivateKeyPassPhrase(String phrase)
Sets the value of the ServerPrivateKeyPassPhrase attribute.
As of 8.1 sp4, when you get the value of this attribute, WebLogic Server does the following:
ServerPrivateKeyPassPhraseEncrypted attribute.When you set the value of this attribute, WebLogic Server does the following:
ServerPrivateKeyPassPhraseEncrypted attribute to the encrypted value.Using this attribute (ServerPrivateKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use getServerPrivateKeyPassPhraseEncrypted.
phrase - The new serverPrivateKeyPassPhrase valueSSLMBean.getServerPrivateKeyPassPhrase(), SSLMBean.setServerPrivateKeyPassPhraseEncrypted(byte[])byte[] getServerPrivateKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
void setServerPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)
Sets the value of the ServerPrivateKeyPassPhrase attribute.
phraseEncrypted - The new encrypted serverPrivateKeyPassPhrase valueSSLMBean.getServerPrivateKeyPassPhraseEncrypted()boolean isSSLRejectionLoggingEnabled()
Indicates whether warning messages are logged in the server log when SSL connections are rejected.
void setSSLRejectionLoggingEnabled(boolean enabled)
Sets the value of the SSLRejectionLoggingEnabled attribute.
enabled - The new sSLRejectionLoggingEnabled valueSSLMBean.isSSLRejectionLoggingEnabled()String getIdentityAndTrustLocations()
Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).
If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).
If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.
Domains created in WebLogic Server version 8.1 or later, default to KEYSTORES. Domains created before WebLogic Server version 8.1, default to FILES_OR_KEYSTORE_PROVIDERS.
void setIdentityAndTrustLocations(String locations)
Sets the value of the IdentityAndTrustLocations attribute.
locations - The new identityAndTrustLocations valueSSLMBean.getIdentityAndTrustLocations()String getInboundCertificateValidation()
Indicates the client certificate validation rules for inbound SSL.
This attribute only applies to ports and network channels using 2-way SSL.
void setInboundCertificateValidation(String validationStyle)
Sets the value of the InboundCertificateValidation attribute.
validationStyle - the new validation styleSSLMBean.getInboundCertificateValidation()String getOutboundCertificateValidation()
Indicates the server certificate validation rules for outbound SSL.
This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.
void setOutboundCertificateValidation(String validationStyle)
Sets the value of the OutboundCertificateValidation attribute.
validationStyle - the new validation styleSSLMBean.getOutboundCertificateValidation()void setAllowUnencryptedNullCipher(boolean enable)
When a SSL server and a SSL client try to negotiate a commonly supported Cipher, there is a chance that they may end up with nothing in common. A NullCipher is a cipher providing no encryption for the SSL message between the client and server, and it may temporarily be used in the development environment if the SSL server and client share no common cipher for some reason. This is not a standard SSL feature, some SSL provider supports this feature
The AllowUnEncryptedNullCipher flag is used to control whether the NullCipher feature is enabled or not, if true, the SSL message may be unencrypted when SSL server and client shares no common cipher.
This AllowUnEncryptedNullCipher flag is only effective to SSL providers which support the NullCipher feature.
Warning: this NullCipher feature should NOT be enabled for a production environment, it may leads to unencrypted SSL message
By default, the AllowUnEncryptedNullCipher is false
enable - true to allow NullCipher featureboolean isAllowUnencryptedNullCipher()
Test if the AllowUnEncryptedNullCipher is enabled
see setAllowUnencryptedNullCipher(boolean enable) for the NullCipher feature.
boolean isUseServerCerts()
void setUseServerCerts(boolean enabled)
enabled - Uses the server identity for the clientvoid setJSSEEnabled(boolean enabled)
enabled - true to select the JSSE-based SSL implementationboolean isJSSEEnabled()
true if the selected Weblogic Server SSL implementation is JSSE based, otherwise false.void setUseClientCertForOutbound(boolean enabled)
Note that to use a client SSL certificate, one must be specified in SSLMBean.setClientCertAlias(java.lang.String)
enabled - true to enable use of the configured client SSL certificate for outbound connections, otherwise false.SSLMBean.isUseClientCertForOutbound(), SSLMBean.setClientCertAlias(java.lang.String)boolean isUseClientCertForOutbound()
Note that to use a client SSL certificate, one must be specified in SSLMBean.setClientCertAlias(java.lang.String)
true if use of the configured client SSL certificate for outbound SSL connections is enabled.SSLMBean.setUseClientCertForOutbound(boolean), SSLMBean.getClientCertAlias()void setClientCertAlias(String alias)
Note that to use the client SSL certificate, SSLMBean.setUseClientCertForOutbound(boolean)
alias - Alias of the client SSL certificate in the server configured keystoreSSLMBean.getClientCertAlias(), SSLMBean.setUseClientCertForOutbound(boolean)String getClientCertAlias()
Note that to use the client SSL certificate, SSLMBean.setUseClientCertForOutbound(boolean)
SSLMBean.setClientCertAlias(java.lang.String), SSLMBean.isUseClientCertForOutbound()String getClientCertPrivateKeyPassPhrase()
The passphrase used to retrieve the private key for the client SSL certificate specified in SSLMBean.getClientCertAlias()
Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
Note that when you get the value of this attribute, WebLogic Server does the following:
ClientCertPrivateKeyPassPhraseEncrypted attribute.SSLMBean.setClientCertPrivateKeyPassPhrase(java.lang.String), SSLMBean.isUseClientCertForOutbound(), SSLMBean.getClientCertAlias()void setClientCertPrivateKeyPassPhrase(String phrase)
SSLMBean.getClientCertAlias()Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
Note that when you set the value of this attribute, WebLogic Server does the following:
ClientCertPrivateKeyPassPhraseEncrypted attribute to the encrypted value.phrase - The client SSL certificate private key pass phrase.SSLMBean.getClientCertPrivateKeyPassPhrase(), SSLMBean.setUseClientCertForOutbound(boolean), SSLMBean.setClientCertAlias(java.lang.String)byte[] getClientCertPrivateKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the private key for the client SSL certificate specified in SSLMBean.getClientCertAlias()
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute, and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
SSLMBean.setClientCertPrivateKeyPassPhraseEncrypted(byte[]), SSLMBean.isUseClientCertForOutbound(), SSLMBean.getClientCertAlias(), SSLMBean.getClientCertPrivateKeyPassPhrase()void setClientCertPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)
SSLMBean.getClientCertAlias()Note that to set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.
phraseEncrypted - The encrypted ClientCertPrivateKeyPassPhrase valueSSLMBean.getClientCertPrivateKeyPassPhraseEncrypted(), SSLMBean.setUseClientCertForOutbound(boolean), SSLMBean.setClientCertAlias(java.lang.String), SSLMBean.setClientCertPrivateKeyPassPhrase(java.lang.String)String getOutboundPrivateKeyAlias()
The string alias used to store and retrieve the outbound private key in the keystore. This private key is associated with either a server or a client digital certificate. This attribute value is derived from other settings and cannot be physically set.
The returned value is determined as follows:
SSLMBean.isUseClientCertForOutbound()SSLMBean.getClientCertAlias()SSLMBean.getServerPrivateKeyAlias()SSLMBean.isUseClientCertForOutbound(), SSLMBean.getClientCertAlias(), SSLMBean.getServerPrivateKeyAlias()String getOutboundPrivateKeyPassPhrase()
The passphrase used to retrieve the outbound private key from the keystore. This passphrase is assigned to the private key when it is generated. This attribute value is derived from other settings and cannot be physically set.
The returned value is determined as follows:
SSLMBean.isUseClientCertForOutbound()SSLMBean.getClientCertPrivateKeyPassPhrase()SSLMBean.getServerPrivateKeyPassPhrase()SSLMBean.isUseClientCertForOutbound(), SSLMBean.getClientCertPrivateKeyPassPhrase(), SSLMBean.getServerPrivateKeyPassPhrase()String getMinimumTLSProtocolVersion()
SSLMBean.setMinimumTLSProtocolVersion(String)
void setMinimumTLSProtocolVersion(String minimumTLSProtocolVersion)
throws InvalidAttributeValueException
minimumTLSProtocolVersion - the new minimum SSL/TLS protocol versionInvalidAttributeValueExceptionboolean isSSLv2HelloEnabled()
|
Copyright 1996, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||