When SSL is used, the target (the server) always authenticates itself to
the initiator (the client). Optionally, if the target requests it, the
initiator can authenticate itself to the target. Encryption makes data
transmitted over the network intelligible only to the intended
recipient. An SSL connection begins with a handshake during which the
applications exchange digital certificates, agree on the encryption
algorithms to be used, and generate the encryption keys to be used for
the remainder of the session.
- Server authentication—WebLogic Server uses
its digital certificate, issued by a trusted certificate authority, to
authenticate to clients. SSL minimally requires the server to
authenticate to the client using its digital certificate. If the client
is not required to present a digital certificate, the connection type is
called one-way SSL authentication.
- Client Identity Verification—Optionally,
clients might be required to present their digital certificates to
WebLogic Server. WebLogic Server then verifies that the digital
certificate was issued by a trusted certificate authority and
establishes the SSL connection. An SSL connection is not established if
the digital certificate is not presented and verified. This type of
connection is called two-way SSL authentication, a form of mutual
- Confidentiality—All client requests and
server responses are encrypted to maintain the confidentiality of data
exchanged over the network.
- Data Integrity—Each SSL message contains a
message digest computed from the original data. On the receiving end, a
new digest is computed from the decrypted data and then compared with
the digest that came with the message. If the data is altered, the
digests don’t match and tampering is detected.
- Data that flows between a client and WebLogic Server is protected from tampering by a third-party validation of user identities.
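
The data-integrity check described above can be sketched as follows. This is an added example, not WebLogic code: it computes the record digest the way TLS 1.2 MAC-based cipher suites do (an HMAC over the sequence number, record header, and data, per RFC 5246 section 6.2.3.1) and omits the encryption step. The key, message, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TLS12 = (3, 3)          # protocol version bytes for TLS 1.2
APPLICATION_DATA = 23   # TLS record content type
MAC_LEN = 32            # HMAC-SHA256 output size

def record_mac(mac_key, seq, ctype, fragment, version=TLS12):
    """HMAC-SHA256 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def seal(mac_key, seq, fragment):
    """Sender side: append the digest to the data (encryption omitted here)."""
    return fragment + record_mac(mac_key, seq, APPLICATION_DATA, fragment)

def open_record(mac_key, seq, protected):
    """Receiver side: recompute the digest and compare in constant time.
    Returns the data, or None when the integrity check fails."""
    if len(protected) < MAC_LEN:
        return None
    fragment, received = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, seq, APPLICATION_DATA, fragment)
    return fragment if hmac.compare_digest(expected, received) else None

# Constructed sample key and message (not real session material).
MAC_KEY = bytes(range(32))
MESSAGE = b"transfer 100 to account 42"

def demo():
    record = seal(MAC_KEY, 0, MESSAGE)
    tampered = record.replace(b"100", b"900")   # data altered in transit
    return {
        "intact": open_record(MAC_KEY, 0, record),
        "tampered": open_record(MAC_KEY, 0, tampered),
        "replayed": open_record(MAC_KEY, 1, record),   # same bytes, later sequence number
        "wrong_key": open_record(b"\x00" * 32, 0, record),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Because the digest is keyed and covers the sequence number, a party without the session key cannot recompute it after altering the data, and a record replayed at a different position in the stream also fails the comparison.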