You have the option of configuring any WebSpeed Transaction Server instance to require Secure Sockets Layer (SSL) client connections. You can maintain both SSL-enabled and non-SSL Transaction Server instances, but a given instance supports only one type of connection, either secure or non-secure.
Security derives from the client authentication of the server's identity via a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure a Transaction Server instance for SSL operation, you must:
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
Specify an alias and password for access to the private key/digital certificate.
Disable session caching, or enable it with a specified timeout.
To connect to an SSL-enabled WebSpeed Transaction Server, a WebSpeed Messenger must have access to a digital (public key) certificate (often called a CA Root Certificate) that can authenticate with the digital certificate used by the server, and the Messenger must be configured to send SSL requests.
To perform these configuration tasks, you can use OpenEdge Management/ OpenEdge Explorer or manually edit the ubroker.properties file, as explained in the next section.
Obtain and install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).