This section provides a quick primer on SSL and a useful background to concepts and interactions that you need to understand in order to configure WebLogic’s SSL. If you feel confident about the terms and concepts involved in the world of SSL, you can skip to the next section, which dives into WebLogic’s SSL configuration.
WebLogic’s SSL implementation fulfills three important goals of secure communication: confidentiality, data integrity, and authentication. SSL is now often found under the name of Transport Layer Security (TLS), the new protocol based on SSL and currently being developed by the Internet Engineering Task Force (IETF). As the name indicates, TLS offers security at the transport layer, somewhere between the network layer (e.g., TCP/IP) and application layer (e.g., HTTP) protocols. A thorough description of SSL and its use within Java security services deserves a book of its own. We recommend Java Security, Second Edition, by Scott Oaks (O’Reilly) for a deeper understanding of SSL and related concepts. In this section, we give an overview of the key concepts that are relevant to configuring WebLogic’s SSL implementation.
Suppose a client, such as a browser, needs to securely communicate with a WebLogic server. SSL can ensure that this communication remains secure in the following ways:
SSL maintains the privacy of the conversation between the client and server. By encrypting the data sent between both parties, SSL makes it difficult ...