You have the option of configuring BrokerConnect instance to require SSL client connections. You can maintain both SSL-enabled and non-SSL BrokerConnect instances, but a given instance supports only one type of connection, either secure or nonsecure.
Security derives from the client authentication of the server's identity via a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure an adapter instance for SSL operation, you must:
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
Specify an alias and password for access to the private key/digital certificate.
Disable session caching, or enable it with a specified time-out.
To perform these configuration tasks, you can use OpenEdge Management/OpenEdge Explorer or manually edit the ubroker.properties file. You can use the mergeprop utility installed with OpenEdge to manually edit the ubroker.properties file. For information on using mergeprop, see OpenEdge Getting Started: Installation and Configuration.
To connect to an SSL-enabled BrokerConnect, a client application must have access to a digital (public key) certificate (often called a CA Root Certificate) that can authenticate with the digital certificate used by the adapter, and the client must use a secure protocol.
For more information on SSL support in OpenEdge, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).