Application Migration and Development Guide
Digital certificate management
You can use HTTPS (implemented with SSL/TLS) to securely connect a client to PAS for OpenEdge and communicate with it. HTTPS provides data privacy over network connections and authentication between clients and servers on those connections using elements of Public Key Infrastructure (PKI). These elements include digital certificates and both private and public keys, which the clients and servers use to authenticate each other and to set up data encryption and decryption services between the initiator of the communications (SSL client) and the responder (SSL server).
The server is identified by the private key that it stores and the client is identified as a valid SSL client for that server by the public key that it stores and provides to the server. SSL clients gain access to public keys using digital (public key) certificates provided by a trusted certificate authority (CA) that also provides the private key confidentially to the HTTPS server. You can use Tomcat tools to manage these certificates and private keys for a PAS for OpenEdge instance. For more information, see the sections on HTTPS support in the Progress Application Server for OpenEdge: Administration Guide and the Apache Tomcat documentation on managing the certificate and key store using the keytool command-line utility.
OpenEdge uses the certutil command-line tool to manage public key certificates for ABL clients. The client can then connect to a corresponding PAS for OpenEdge instance using an HTTPS URL. For more information on managing the public key certificates using certutil, see the sections on managing OpenEdge key and certificate stores in OpenEdge Getting Started: Installation and Configuration. For information on connecting to PAS for OpenEdge from an ABL client using HTTPS, see the sections on using the -URL connection parameter in Establishing a connection with the CONNECT( ) method.
You use Microsoft tools to manage public key certificates for .NET Open Clients and use the OpenEdge procertm command-line tool to manage public key certificates for Java Open Clients. The Open Client connects to a PAS for OpenEdge instance using an HTTPS URL, much as an ABL client does. For more information on managing public key certificates for .NET clients, see the information on managing certificate stores in the Microsoft .NET documentation. For more information on managing public key certificates for Java clients, see the information on managing certificate stores in OpenEdge Development: Java Open Clients. For information on connecting to a PAS for OpenEdge instance from an Open Client, see the sections on connecting to a server using HTTPS in OpenEdge Development: Open Client Introduction and Programming, and Connection URL syntax for the APSV transport in this manual.