Try OpenEdge Now
skip to main content
Developing AppServer Applications
Design and Implementation Considerations : Security considerations : Secure Sockets Layer (SSL) : Internet-secure AppServer
 
Internet-secure AppServer
You can configure HTTPS security for an AppServer application on the Internet, depending on the type of client and AppServer adapter. For an AppServer client that directly calls AppServer application services (ABL client or .NET and Java Open Client), you use the AppServer Internet Adapter (AIA) to access the AppServer on behalf of the client. For a Web service client that accesses AppServer application services as OpenEdge Web services, you use the Web Services Adapter (WSA) to access the AppServer on behalf of the Web service accessed by the client. The OpenEdge Adapter for Sonic ESB also supports Web service client or general ESB client and service access to the AppServer as an OpenEdge service with Internet and intranet security on the ESB side provided by the Sonic Enterprise Service Bus (ESB).
In all cases, to secure an Internet connection between the client and AppServer using HTTPS, you must configure:
*The client as an HTTPS client
*The server hosting the AppServer adapter as an HTTPS server
You can configure and connect the client (AppServer or Web service client) as an HTTPS client, depending on the client type, as described in the following table:
Table 10. HTTPS management for clients of an Internet-secure AppServer
Client type
HTTPS configuration is supported by . . .
ABL client
OpenEdge using the certutil command-line tool to manage public key certificates. The client connects using an HTTPS URL formatted for accessing an Internet-secure AppServer.
For more information on managing the public key certificates, see the sections on managing OpenEdge key and certificate stores in OpenEdge Getting Started: Core Business Services - Security and Auditing. For information on connecting to an Internet-secure AppServer from an ABL client, see the sections on using the -URL connection parameter in Programming ABL Client Applications and the sections on formatting an Internet URL to the AppServer using HTTPS in Connecting to AppServers Using a URL
.
Open Client
Microsoft tools to manage public key certificates for .NET Open Clients and by OpenEdge using the procertm command-line tool to manage public key certificates for Java Open Clients. The client connects using an HTTPS URL formatted for accessing an Internet-secure AppServer.For more information on managing public key certificates for .NET clients, see the information on managing certificate stores in the Microsoft .NET documentation.
For more information on managing public key certificates for Java clients, see the information on managing certificate stores in OpenEdge Development: Java Open Clients. For information on connecting to an Internet-secure AppServer from an Open Client, see the sections on connecting to the AppServer in OpenEdge Development: Open Client Introduction and Programming, and the sections on formatting an Internet URL to the AppServer using HTTPS in Connecting to AppServers Using a URL.
Web service client
Web service client platforms for Web service clients. Web service clients connect to or access the Web service through the Web server using the WSA URL configured for it and provided to the Web service client as part of other Web service access information included in the Web Services Description Language (WSDL) file for the specified Web service. The WSA, itself, maintains the connection information to the Web service specified in the WSDL file.
For more information on managing public key certificates for Web service clients, see the documentation on your Web service client platform.
For more information on how a Web service client connects to and accesses the WSA-managed Web service, see the information on programming Web service clients in OpenEdge Development: Web Services and the information on managing a WSA and deploying an OpenEdge Web service in OpenEdge Application Server: Administration.
ESB client or service
The Sonic ESB. An ESB client or service accesses other ESB services using the interfaces provided by the Sonic ESB.
For more information on managing public key certificates and any other ESB security configuration options for ESB clients and services, and on accessing ESB services in general (including OpenEdge services), see the Sonic ESB documentation.
For more information on using the OpenEdge Adapter for Sonic ESB to support OpenEdge services on the Sonic ESB, see OpenEdge Development: Messaging and ESB.
On the server end of the Internet connection, you can configure the HTTPS server and OpenEdge adapters that access the AppServer as described in the following table.
Table 11. HTTPS management for Internet-secure AppServer adapters
Adapter type
HTTPS configuration is supported by . . .
AIA
The Web server utilities provided to manage private key stores for the Web server accessed as an HTTPS server.
For more information on managing key stores on a Web server, see the Web server documentation.Also, in order to ensure that AppServer clients use HTTPS to access the AIA, you must set the httpsEnabled property appropriately in the ubroker.properties file for the AIA. For more information, see the sections on configuring the AIA in OpenEdge Application Server: Administration.
WSA
The Web server utilities provided to manage private key stores for the Web server accessed as an HTTPS server.
For more information on managing key stores on a Web server, see the Web server documentation.The use of HTTPS by the WSA is determined by its URL, which you specify when you create a WSA instance. Therefore, if specified, a WSA instance requires that clients use HTTPS to access all Web services that it manages.
For more information, see the sections on creating and managing a WSA in OpenEdge Application Server: Administration.
OpenEdge Adapter for Sonic ESB
The Sonic ESB utilities provided to manage a private key store for the HTTP direct acceptor used to handle requests to the ESB from Web service clients.
For more information on managing key stores for an HTTP direct acceptor for the Sonic ESB, see the Sonic ESB documentation.The Sonic ESB also supports access to an OpenEdge service from clients and services on the ESB other than Web service clients.
For information on securing access to OpenEdge services from these types of clients, see the Sonic ESB documentation.For more information on managing the OpenEdge Adapter for Sonic ESB, see the sections on the OpenEdge Adapter for Sonic ESB in OpenEdge Application Server: Administration.