Technical FAQ: Questions about WebLogic SecurityFAQ Index
My sample security certificates have expired. Can they be updated? You can download an updated set and install them in your myserver/ directory, or wherever in your distribution you had installed them.
The sample certificates let you test SSL with WebLogic Server. The certificates are issued by WebLogic and are not signed by a well-known certificate authority, so they are not useful in a production environment. To purchase your own certificates, you can generate a certificate request using the Certificate Request servlet described in Using WebLogic SSL. Does WebLogic offer RSA encryption algorithms so that developers can use the javax.crypto.* API to build applications? No. WebLogic's RSA license does not permit end-users to use RSA classes directly. You must obtain your own license for the encryption libraries from RSA. For more information, see FAQs on WebLogic SSL.
I am trying to use the certificate capture facility to provide two-way authentication. The servlet, however, only returns 'no certificate'. What's going on? There could be several causes for this problem. To troubleshoot, please check the following:
Does WebLogic support Diffie-Hellman or DSS/DSA public/private key digital certificates? No. The exportable version of WebLogic supports only 512 bit RSA with 40 bit RC4. Additionally, browsers do not support these types of certificates, and there are no commercial issuers for DSA certificates that WebLogic is familiar with.
Is it possible to have two certificates on the server, one RSA-based, and one non-RSA based? No.
We have some client code that currently uses Diffie-Helman or DSS/DSA. We need to move HTTP-based to HTTPS-based, but we do not want to pay additional RSA licensing costs. Can you help? WebLogic has licensed RSA for SSL between WebLogic Servers and clients. With WebLogic, no extra licensing for RSA is necessary, although different rules apply to VARs. |
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|