1. RESTful Edit Management Interface for Oracle WebLogic Server
  2. Tasks
  3. SSL
  4. Servers
  5. SSL

View This SSL

get

/management/weblogic/{version}/edit/servers/{name}/SSL

View this SSL.

Request

Path Parameters
Query Parameters
  • The 'excludeFields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields whose name is not on the list will be returned. If not present, all fields are returned (unless the 'fields' query parameter is specified). Note: 'fields' must not be specified if 'excludeFields' is specified.
  • The 'excludeLinks' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links whose relationship name is not on the list will be returned. If not present, all links are returned (unless the 'links' query parameter is specified). Note: 'links' must not be specified if 'excludeLinks' is specified.
  • The 'fields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields with matching names are returned. If not present, all fields are returned (unless the 'excludeFields' query parameter is specified). Note: 'excludeFields' must not be specified if 'fields' is specified.
  • The 'links' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links with matching relationship names are returned. If not present, all links are returned (unless the 'excludeLinks' query parameter is specified). Note: 'excludeLinks' must not be specified if 'links' is specified.
Security
Back to Top

Response

Supported Media Types

200 Response

Returns this SSL.

Body ()
Root Schema : SSL
Type: object
Show Source
  • Default Value: true
  • Default Value: false

    Test if the AllowUnEncryptedNullCipher is enabled

    see setAllowUnencryptedNullCipher(boolean enable) for the NullCipher feature.

  • Items
    Title: Items

    Indicates the cipher suites being used on a particular WebLogic Server.

    The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.

    For a list of possible values, see Cipher Suites

  • Default Value: oracle.doceng.json.BetterJsonNull@7a456a79

    Determines the alias of the client SSL certificate to be used as identity for outbound SSL connections. The certificate is assumed to be stored in the server configured keystore.

    Note that to use the client SSL certificate, setUseClientCertForOutbound must be enabled.

  • Default Value: false

    Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.

    Constraints

    • doc only secure default : true
  • Default Value: oracle.doceng.json.BetterJsonNull@4100960

    The passphrase used to retrieve the private key for the client SSL certificate specified in getClientCertAlias from the server configured keystore. This passphrase is assigned to the private key when the private key is generated.

    Note that this attribute is usually used when outbound SSL connections specify a client SSL certificate identity.

    Note that when you get the value of this attribute, WebLogic Server does the following:

    1. Retrieves the value of the ClientCertPrivateKeyPassPhraseEncrypted attribute.

    2. Decrypts the value and returns the unencrypted passphrase.

  • Read Only: true
    Default Value: false

    Return whether the MBean was created dynamically or is persisted to config.xml

  • Indicates whether the server can be reached through the default SSL listen port.

    If there is no explicit setting for this attribute, it will inherit the value of the DomainMBean's SSLEnabled attribute.

    If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.

  • Items
    Title: Items

    List of cipher suites not to be used by WebLogic Server.

  • Minimum Value: 1
    Maximum Value: 2147483647
    Default Value: 500

    Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

  • Default Value: false

    Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).

  • Default Value: oracle.doceng.json.BetterJsonNull@48d2a802

    The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.

    This class verifies whether the connection to the host with the hostname from URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.

  • Read Only: true

    Return the unique id of this MBean instance

  • Default Value: KeyStores
    Allowed Values: [ "KeyStores", "FilesOrKeyStoreProviders" ]

    Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).

    • If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).

    • If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.

    Domains created in WebLogic Server version 8.1 or later, default to KEYSTORES. Domains created before WebLogic Server version 8.1, default to FILES_OR_KEYSTORE_PROVIDERS.

  • Default Value: BuiltinSSLValidationOnly
    Allowed Values: [ "BuiltinSSLValidationOnly", "BuiltinSSLValidationAndCertPathValidators" ]

    Indicates the client certificate validation rules for inbound SSL.

    This attribute only applies to ports and network channels using 2-way SSL.

  • Default Value: true

    Determines whether the SSL implementation in Weblogic Server is JSSE based.

  • Minimum Value: 1
    Maximum Value: 65535

    The TCP/IP port at which this server listens for SSL connection requests.

  • Minimum Value: 1
    Maximum Value: 2147483647
    Default Value: 25000

    Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.

    If clients are connecting over the Internet, raise the default number to accommodate additional network latency.

  • Get the minimum SSL/TLS protocol version currently configured.

  • Read Only: true

    The user-specified name of this MBean instance.

    This name is included as one of the key properties in the MBean's javax.management.ObjectName

    Name=user-specified-name

    Constraints

    • legal null

  • Optional information that you can include to describe this configuration.

    WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the xml entity <. Carriage returns/line feeds are preserved.

    Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.

  • Default Value: BuiltinSSLValidationOnly
    Allowed Values: [ "BuiltinSSLValidationOnly", "BuiltinSSLValidationAndCertPathValidators" ]

    Indicates the server certificate validation rules for outbound SSL.

    This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.

  • Read Only: true
    Default Value: oracle.doceng.json.BetterJsonNull@4a13bf38

    The string alias used to store and retrieve the outbound private key in the keystore. This private key is associated with either a server or a client digital certificate. This attribute value is derived from other settings and cannot be physically set.

    The returned value is determined as follows:

    • If the isUseClientCertForOutbound returns true, the value from getClientCertAlias is returned.

    • Otherwise, the value from getServerPrivateKeyAlias is returned.

  • Read Only: true
    Default Value: oracle.doceng.json.BetterJsonNull@68b4e651

    The passphrase used to retrieve the outbound private key from the keystore. This passphrase is assigned to the private key when it is generated. This attribute value is derived from other settings and cannot be physically set.

    The returned value is determined as follows:

    • If the isUseClientCertForOutbound returns true, the value from getClientCertPrivateKeyPassPhrase is returned.

    • Otherwise, the value from getServerPrivateKeyPassPhrase is returned.

  • Default Value: true

    Indicates whether to honor the server cipher suites preference.

  • Default Value: oracle.doceng.json.BetterJsonNull@3cbd8edb

    The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.

  • The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.

  • Default Value: true

    Indicates whether warning messages are logged in the server log when SSL connections are rejected.

  • Default Value: true

    Indicate whether SSLv2Hello is enabled

  • Items
    Title: Items

    Return all tags on this Configuration MBean

  • Default Value: false

    The form of SSL that should be used.

    By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.

    Constraints

    • doc only secure default : true
  • Read Only: true

    Returns the type of the MBean.

    Constraints

    • unharvestable
  • Default Value: false

    Determines whether to use the configured client SSL certificate as identity for outbound SSL connections.

    Note that to use a client SSL certificate, one must be specified in setClientCertAlias

  • Default Value: false

    Sets whether the client should use the server certificates/key as the client identity when initiating an outbound connection over https.

Nested Schema : Items
Type: array
Title: Items

Indicates the cipher suites being used on a particular WebLogic Server.

The strongest negotiated cipher suite is chosen during the SSL handshake. The set of cipher suites used by default by JSEE depends on the specific JDK version with which WebLogic Server is configured.

For a list of possible values, see Cipher Suites

Show Source
Nested Schema : Items
Type: array
Title: Items

List of cipher suites not to be used by WebLogic Server.

Show Source
Nested Schema : Items
Type: array
Title: Items

Return all tags on this Configuration MBean

Show Source
Back to Top

Examples

View this SSL.

This example uses the GET method to view this SSL.

Example Request
curl -v \
--user admin:admin123 \
-H X-Requested-By:MyClient \
-H Accept:application/json \
-X GET http://localhost:7001/management/weblogic/latest/edit/servers/AdminServer/SSL
Example Response
HTTP/1.1 200 OK

Response Body:
{
    "links": [
        {
            "rel": "parent",
            "href": "http:\//localhost:7001/management/weblogic/latest/edit/servers/AdminServer"
        },
        {
            "rel": "self",
            "href": "http:\//localhost:7001/management/weblogic/latest/edit/servers/AdminServer/SSL"
        },
        {
            "rel": "canonical",
            "href": "http:\//localhost:7001/management/weblogic/latest/edit/servers/AdminServer/SSL"
        }
    ],
    "identity": [
        "servers",
        "AdminServer",
        "SSL"
    ],
    "hostnameVerificationIgnored": false,
    "notes": null,
    "outboundPrivateKeyPassPhrase": null,
    "identityAndTrustLocations": "KeyStores",
    "serverPrivateKeyAlias": null,
    "hostnameVerifier": null,
    "clientCertAlias": null,
    "type": "SSL",
    "inboundCertificateValidation": "BuiltinSSLValidationOnly",
    "enabled": false,
    "serverPrivateKeyPassPhrase": null,
    "SSLRejectionLoggingEnabled": true,
    "clientCertPrivateKeyPassPhrase": null,
    "allowUnencryptedNullCipher": false,
    "id": 0,
    "dynamicallyCreated": false,
    "outboundPrivateKeyAlias": null,
    "SSLv2HelloEnabled": true,
    "excludedCiphersuites": [
        "TLS_RSA_*",
        "*_CBC_*"
    ],
    "exportKeyLifespan": 500,
    "serverCipherSuitesOrderEnabled": true,
    "acceptKSSDemoCertsEnabled": true,
    "twoWaySSLEnabled": false,
    "ciphersuites": [],
    "tags": [],
    "outboundCertificateValidation": "BuiltinSSLValidationOnly",
    "JSSEEnabled": true,
    "clientCertificateEnforced": false,
    "loginTimeoutMillis": 25000,
    "useServerCerts": false,
    "useClientCertForOutbound": false,
    "minimumTLSProtocolVersion": null,
    "name": "AdminServer",
    "listenPort": 7002
}
Back to Top