Try OpenEdge Now
skip to main content
Developing AppServer Applications
Design and Implementation Considerations : Security considerations : Secure Sockets Layer (SSL) : SSL-enabled AppServer
 
SSL-enabled AppServer
To secure a direct connection between the client and AppServer using SSL, you must configure:
*The AppServer client as an SSL client
*The AppServer, itself, as an SSL server
Note: A given AppServer can support only SSL or non-SSL connections. It cannot support both simultaneously. So, to allow applications to run in both an SSL-enabled and non-SSL-enabled AppServer environment, you must dedicate at least one AppServer to SSL connections and another AppServer to non-SSL connections. SSL-enabled and non-SSL-enabled AppServers can both run as Internet-secure AppServers using the AIA (see Internet-secure AppServer).
Configure and connect the SSL client to the AppServer by client type, as detailed in the following table.
Table 12. SSL management for clients of SSL-enabled AppServers
Client type
SSL configuration is supported by . . .
ABL client
OpenEdge using the certutil command-line tool to manage public key certificates. The client connects using an AppServer URL formatted for accessing an SSL-enabled AppServer. You can specify this URL using the AppServerS protocol for an SSL connection mediated by a NameServer or using the AppServerDCS protocol for an SSL connection directly to a specified AppServer.
For more information on managing the public key certificates, see the sections on managing OpenEdge key and certificate stores in OpenEdge Getting Started: Core Business Services - Security and Auditing. For information on connecting to an SSL-enabled AppServer from an ABL client, see the sections on using the -URL connection parameter in ProgrammingABL Client Applications and the sections on formatting an AppServer URL using the AppServerS or AppServerDCS protocol in Connecting to AppServers Using a URL.
Open Client
Microsoft tools to manage public key certificates for .NET Open Clients and by OpenEdge using the procertm command-line tool to manage public key certificates for Java Open Clients. The client connects using an AppServer URL formatted for accessing an SSL-enabled AppServer. You can specify this URL using the AppServerS protocol for an SSL connection mediated by a NameServer or using the AppServerDCS protocol for an SSL connection directly to a specified AppServer. For more information on managing public key certificates for .NET clients, see the information on managing certificate stores in the Microsoft .NET documentation.
For more information on managing public key certificates for Java clients, see the information on managing certificate stores in OpenEdge Development: Java Open Clients. For information on connecting to an SSL-enabled AppServer from an Open Client, see the sections on connecting to the AppServer in OpenEdge Development: Open Client Introduction and Programming, and the sections on formatting an AppServer URL using the AppServerS or AppServerDCS protocol in Connecting to AppServers Using a URL
.
AIA
OpenEdge:
*Using the certutil command-line tool to manage public key certificates for the AIA as an SSL client of the AppServer
*Using the OpenEdge Explorer or OpenEdge Management to configure the AIA properties required to specify that the connection to the AppServer uses SSL
With the AIA in an SSL connection to the AppServer, ABL or Open Client accessing the AppServer through the AIA would typically connect to the AIA using HTTPS in order to ensure a secure connection all along the way to the AppServer (see ).For more information on managing the public key certificates for an AIA as an SSL client, see the sections on managing OpenEdge certificate stores in OpenEdge Getting Started: Core Business Services - Security and Auditing.
For more information on configuring an AIA to specify an SSL connection to the AppServer, see the sections on AIA administration in OpenEdge Application Server: Administration.
WSA
OpenEdge:
*Using the certutil command-line tool to manage public key certificates for the WSA as an SSL client of the AppServer
*Using the OpenEdge Explorer or OpenEdge Management to configure the required Web service properties for each Web service managed by the WSA that you want to establish an SSL connection to the AppServer
Each Web service managed by a WSA can be configured individually as an SSL-enabled Web service. However, you manage the public key certificates for all SSL-enabled Web services that are managed by a single WSA using the same certificate store.
With a given WSA-managed Web service in an SSL connection to the AppServer, the Web service client would typically connect to the Web service itself using HTTPS to ensure a secure connection all along the way to the AppServer. See Internet-secure AppServer.
For information on managing the public key certificates for a WSA as an SSL client of the AppServer, see the sections on managing OpenEdge certificate stores in OpenEdge Getting Started: Core Business Services - Security and Auditing. Or, for configuring a Web service as an SSL-enabled Web service, see the sections on WSA and Web service administration in OpenEdge Application Server: Administration.
OpenEdge Adapter for Sonic ESB
Both:
*OpenEdge using the certutil command-line tool to manage public key certificates for the OpenEdge Adapter for Sonic ESB as an SSL client of the AppServer
*Sonic ESB using the Sonic ESB Explorer to configure the required OpenEdge service properties for each OpenEdge service managed by the OpenEdge Adapter for Sonic ESB that you want to establish an SSL connection to the AppServer
Each OpenEdge service managed by a OpenEdge Adapter for Sonic ESB can be configured individually as an SSL-enabled OpenEdge service. However, you manage the public key certificates for all SSL-enabled OpenEdge services that are managed by a single OpenEdge Adapter for Sonic ESB using the same OpenEdge certificate store.
In this configuration, with a given OpenEdge service in an SSL connection to the AppServer, a Web service client would typically connect to the OpenEdge service itself using HTTPS to a SonicMQ broker, which then communicates with the OpenEdge Adapter for Sonic ESB in order to ensure a secure connection all along the way to the AppServer. See Internet-secure AppServer.
For more information on managing the public key certificates for a OpenEdge Adapter for Sonic ESB as an SSL client of the AppServer, see the sections on managing OpenEdge certificate stores in OpenEdge Getting Started: Core Business Services - Security and Auditing. For more information on configuring an OpenEdge service as an SSL-enabled OpenEdge service, see the sections on OpenEdge Adapter for Sonic ESB and OpenEdge service administration in OpenEdge Application Server: Administration.For more information on using the OpenEdge Adapter for Sonic ESB to support OpenEdge services on the Sonic ESB, see OpenEdge Development: Messaging and ESB.
You can configure an AppServer as an SSL server by setting the appropriate SSL properties for the AppServer using the OpenEdge Explorer or OpenEdge Management. You must also manage a key store that contains the private key(s) for the AppServer using the pkiutil command-line tool.
For more information on configuring an SSL-enabled AppServer, see the sections on AppServer administration in OpenEdge Application Server: Administration. For more information on managing key stores for an SSL-enabled AppServer, see the sections on managing OpenEdge key stores in OpenEdge Getting Started: Core Business Services - Security and Auditing.
Note: An SSL-enabled AppServer can accept only SSL AppServer connections.