Technical data
14 Managing Security
14-56 Administration Guide
Note: In previous releases of WebLogic Server, it was possible to define digital certificates that were self-signed and not validated in the Server Certificate File Name attribute (or in the weblogic.security.certificate.server property). This was not a good security policy. Now WebLogic Server requires that both the Server Certificate File Name and the Server Certificate Chain File Name attributes be defined.
Table 14-18 SSL Protocol Attributes

Attribute: Description

Export Key Lifespan: Number of times WebLogic Server uses an exportable key between a domestic server and an exportable client before generating a new one. The more secure you want WebLogic Server to be, the fewer times the key should be used before a new one is generated. The default is to use it 500 times.

Login Timeout Millis: Number of milliseconds that WebLogic Server should wait for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections. If clients are connecting over the Internet, raise the default number to accommodate additional network latency. The default value is 25,000 milliseconds.

Certificate Cache Size: Number of digital certificates that are tokenized and stored by WebLogic Server. The default is 3.

Ignore HostName Verification: Disables the default Host Name Verifier. The Host Name Verifier compares the Subject DN of a digital certificate to the host name of the server that initiated the SSL connection. Check this attribute if you do not want host name verification performed (for example, if you are using the demonstration digital certificates shipped with WebLogic Server). Disabling host name verification leaves WebLogic Server vulnerable to man-in-the-middle attacks. BEA does not recommend using the demonstration digital certificates or disabling host name verification in any type of production environment.

HostName Verifier: Name of the Java class that implements the Host Name Verifier interface. For more information about using the weblogic.security.SSL.HostNameVerifier interface, see Using a Custom HostName Verifier.
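
The comparison described for Ignore HostName Verification, as an added example (not BEA's code and not an implementation of the weblogic.security.SSL.HostNameVerifier interface): it extracts the CN from a certificate's Subject DN with the JDK's LdapName class and compares it to the expected host name. The class name, method names and sample DNs are constructed, and matching on the CN component is an assumption, since the table says only that the Subject DN is compared to the host name.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration: hypothetical class, not part of WebLogic Server.
public class SubjectDnHostCheck {

    // Returns the CN from a Subject DN, or null if it is absent or unparseable.
    static String commonName(String subjectDn) {
        try {
            // LdapName handles DN escaping such as "O=Example\, Inc."
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                // toAttributes() also covers multi-valued RDNs like "CN=a+OU=b"
                Attribute cn = rdn.toAttributes().get("CN");
                if (cn != null) {
                    return String.valueOf(cn.get());
                }
            }
        } catch (NamingException e) {
            // Fail closed: a malformed DN never matches any host.
        }
        return null;
    }

    // Assumption: the check is "CN equals host name", compared case-insensitively.
    // ignoreVerification models the Ignore HostName Verification attribute.
    static boolean accept(String subjectDn, String host, boolean ignoreVerification) {
        if (ignoreVerification) {
            return true; // every certificate name is accepted, matching or not
        }
        String cn = commonName(subjectDn);
        return cn != null && cn.equalsIgnoreCase(host);
    }

    public static void main(String[] args) {
        String host = "server.example.com"; // constructed sample values
        String matching = "CN=Server.Example.com,OU=IT,O=Example\\, Inc.,C=US";
        String mismatched = "CN=other.example.net,O=Another Org,C=US";
        String noCn = "OU=IT,O=Example\\, Inc.,C=US";

        System.out.println("matching DN, verification on:    " + accept(matching, host, false));
        System.out.println("mismatched DN, verification on:  " + accept(mismatched, host, false));
        System.out.println("DN without CN, verification on:  " + accept(noCn, host, false));
        System.out.println("mismatched DN, verification off: " + accept(mismatched, host, true));
    }
}
```

With verification off, the certificate issued for a different host is accepted, which is the man-in-the-middle exposure the table warns about.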