I don't know anything about virtual vault at all BUT --
if you just have the "typical" scenario of
browser client -> Netscape Iplanet -> WebLogic Cluster
then you can definitely have SSL communication between Netscape IPlanet and your WebLogic cluster.
You've probably heard different answers because this is a relatively new feature that was added to WebLogic, so there is some confusion. For a long time, you could only have SSL communication between the browser and IPlanet, and cleartext between IPlanet and WebLogic. The IPlanet certificates are proprietary, and specific, to IPlanet, so there is no way that BEA could use those same certificates to establish an SSL connection between the proxy and WebLogic.
What BEA has done to get around this is to have the plugin module that resides on IPlanet, load WebLogic-specific certificates, so that a separate SSL connection, using different certificates, is then established between the proxy server and WebLogic on the backend. This feature was added in some service pack for WebLogic 5.1 -- I'm not sure which service pack -- but I am sure that if you are using the plug-in from service pack 9 (the most recent service pack) then this feature will definitely be available.
So essentially you then have:
SSL connection #1 -- browser client using Netscape keys and certificates to create a secure connection to iPlanet
SSL connection #2 -- iPlanet acting as a client to WebLogic, using WebLogic keys and certificates to create a secure connection to WebLogic on the backend.
Keep in mind performance for this setup is going to be pretty wretched. SSL is not exactly fast. Having cleartext communication on the backend helps performance quite a bit. But if you place a real premium on security, this solution may still be worth your examination.
Also check out:
Hope this helps.
BEA/WebLogic Support staff