You have the option of configuring any AppServer instance to require Secure Sockets Layer (SSL) client connections. You can maintain both SSL-enabled and non-SSL AppServer instances, but a given instance supports only one type of connection, either secure or nonsecure.
Security derives from the client authentication of the server's identity via a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure an AppServer instance for SSL operation, you must:
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
Specify an alias and password for access to the private key/digital certificate.
Disable session caching, or enable it with a specified timeout.
To perform these configuration tasks, you can use OpenEdge Management or OpenEdge Explorer, or manually edit the ubroker.properties file.
To connect to an SSL-enabled AppServer, a client application must have access to a digital (public key) certificate (often called a CA Root Certificate) that can authenticate with the digital certificate used by the server, and the client must use a secure protocol.
For more information on SSL support in OpenEdge, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).