Try OpenEdge Now
skip to main content
Administration
REST Administration : REST Web Application Administration : Managing REST Web applications : SSL support for REST Web applications
 
SSL support for REST Web applications
The REST Management Agent acts as an intermediary between the AppServer and clients that access the service over the Internet. Thus, an application session involves two distinct connections, each of which is configured separately with respect to security.
To secure the connection via AppServer protocol between the deployed REST Web application and the AppServer:
*You must obtain and install public key certificates for the host machine in which the REST Management Agent resides.
*The REST Web application must send SSL requests to the AppServer that is to process the client requests. To configure the service to send SSL requests, you set the value of the appServiceProtocol property to AppServerS or AppServerDCS. You set this property, either for a specific service or as the default for services deployed on a given REST Management Agent, by using OpenEdge Management or OpenEdge Explorer or by manually editing the runtime.props file of a REST Web application or the default.props file of the REST Management Agent. (Note that this property applies to deployed services, not to the REST Management Agent itself; for more information on configuring REST security, see REST Management Agent and REST Web Application Security Configurations.)
*The AppServer must be SSL-enabled, that is, it must accept SSL requests from the REST Management Agent (or other clients). You set the property sslEnable=1 by checking the Enable SSL client connections box in the SSL General properties category in OpenEdge Management, OpenEdge Explorer, or by manually editing the ubroker.properties file. You must also obtain and install a server private key and public key certificate and set additional SSL server properties. See SSL-enabled AppServer operation for more information.
For details on SSL support in OpenEdge, including configuring and operating a Web service as a client of an SSL-enabled AppServer, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
* Enabling the REST Web application for HTTPS client connections
* SSL-related REST Web application properties