Technical FAQ: Questions about WebLogic Security
Expired sample security certificates
My sample security certificates have expired. Can they be updated?
You can download an updated set and install them in your myserver/
directory, or wherever in your distribution you had installed them.
The sample certificates let you test SSL with WebLogic Server. The
certificates are issued by WebLogic and are not signed by a well-known
certificate authority, so they are not useful in a production
environment. To purchase your own certificates, you can generate a
certificate request using the Certificate Request servlet described in
Using WebLogic SSL.
Using RSA encryption
Does WebLogic offer RSA encryption algorithms so that developers
can use the javax.crypto.* API to build applications?
No. WebLogic's RSA
license does not permit end-users to use RSA classes directly. You must
obtain your own license for the encryption libraries from RSA. For
more information, see FAQs on WebLogic SSL.
SSL and certificates
I am trying to use the certificate capture facility to provide two-way
authentication. The servlet, however, only returns 'no certificate'.
What's going on?
There could be several causes for this problem. To troubleshoot,
please check the following:
- Does your browser have a personal certificate?
- Have you configured WebLogic SSL to require client authentication by
specifying a valid X509 certificate for the
weblogic.security.clientRootCA property?
- Have you installed the certificates for WebLogic in the myserver/
directory (or named per-server directory)?
- Have you configured a port for SSL connection requests in the
properties file?
- Are you using HTTPS rather than HTTP?
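The server-side items of this checklist can be checked mechanically. The script below is an added example, not WebLogic code; it cannot check the browser's personal certificate. Assumptions: the SSL port property is named weblogic.system.SSLListenPort, the clientRootCA value is a file name in the per-server directory, and the sample properties, URL and /capture path are constructed.

```python
import os
import tempfile
from urllib.parse import urlparse

# Assumption: the SSL port property name is not given on the page; pass your own.
ASSUMED_SSL_PORT_PROP = "weblogic.system.SSLListenPort"

# Constructed sample: client CA configured, SSL port property left out.
SAMPLE_PROPS = """# constructed weblogic.properties fragment
weblogic.security.clientRootCA=clientca.pem
"""

def parse_properties(text):
    """Parse simple key=value lines (comments skipped, no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def check_two_way_ssl(props_text, server_dir, url, port_prop=ASSUMED_SSL_PORT_PROP):
    """Return the checklist items that fail; an empty list means none did."""
    props = parse_properties(props_text)
    problems = []
    ca = props.get("weblogic.security.clientRootCA", "")
    if not ca:
        problems.append("clientRootCA not set")
    elif not os.path.isfile(os.path.join(server_dir, ca)):
        # Assumption: the value is a file name inside the per-server directory.
        problems.append("clientRootCA file not found: " + ca)
    port = props.get(port_prop, "")
    if not port.isdecimal() or not 0 < int(port) < 65536:
        problems.append("no SSL port configured")
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append("URL is not https")
    elif port.isdecimal() and (parsed.port or 443) != int(port):
        problems.append("URL port differs from SSL port")
    return problems

def demo():
    """Run the checks against the constructed sample in an empty server dir."""
    with tempfile.TemporaryDirectory() as server_dir:
        return check_two_way_ssl(SAMPLE_PROPS, server_dir, "http://localhost:7001/capture")

if __name__ == "__main__":
    for problem in demo():
        print("FAIL:", problem)
```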
Using non-RSA style certificates
Does WebLogic support Diffie-Hellman or DSS/DSA public/private key
digital certificates?
No. The exportable version of WebLogic supports only 512-bit RSA
with 40-bit RC4. Additionally, browsers do not support these types of
certificates, and there are no commercial issuers for DSA certificates
that WebLogic is familiar with.
Is it possible to have two certificates on the server, one RSA-based,
and one non-RSA based?
No.
We have some client code that currently uses Diffie-Hellman or
DSS/DSA. We need to move from HTTP-based to HTTPS-based communication,
but we do not want to pay additional RSA licensing costs. Can you help?
WebLogic has licensed RSA for SSL
between WebLogic Servers and clients. With WebLogic, no extra
licensing for RSA is necessary, although different rules apply to
VARs.
