DataServer for Oracle

SSL enabled DataServer

Configuring the client and server components of a remote DataServer connection with Secure Sockets Layer (SSL) communications is optional. Users can maintain both SSL-enabled and non-SSL instances of a DataServer broker environment. However, a given instance supports only one type of connection, either secure or non-secure.
DataServer Security is based on the client authenticating the server's identity using a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure a Broker instance for SSL operation, you must:
* Install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
* Specify the keyAlias and keyAliasPasswd parameters in the UBroker.OR.orabroker1 section of the ubroker.properties file for access to the private key/digital certificate.
* Disable session caching of the orabroker using the noSessionCache parameter, or enable it with a specified timeout using the sessionTimeout parameter.
For more information, see Establishing the SSL protocol in a DataServer broker instance of the Unified Broker and Unified Broker section and the OpenEdge Getting Started: Core Business Services – Security and Auditing guide.
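The broker settings listed above can be checked before a broker instance is deployed. The following Python check is an added example, not Progress or OpenEdge code. It assumes that ubroker.properties uses `[section]` headers with `key=value` lines, that the built-in demonstration key uses the alias `default_server` (taken from the file name on this page), and that `noSessionCache=1` means caching is disabled; requiring an explicit sessionTimeout when caching is on is this check's own policy.

```python
import re

SECTION = "UBroker.OR.orabroker1"  # broker section named on this page
DEMO_ALIAS = "default_server"      # assumption: alias of the built-in demo key


def parse_properties(text):
    """Parse [section] / key=value text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections


def audit_ssl(text, production=True):
    """Return a list of findings for the broker's SSL-related parameters."""
    props = parse_properties(text).get(SECTION)
    if props is None:
        return [f"section [{SECTION}] not found"]
    findings = []
    alias = props.get("keyAlias", "")
    if not alias:
        findings.append("keyAlias is not set")
    elif production and alias == DEMO_ALIAS:
        findings.append("keyAlias points at the built-in demo key")
    if not props.get("keyAliasPasswd"):
        findings.append("keyAliasPasswd is not set")
    timeout = props.get("sessionTimeout") or ""
    caching_off = props.get("noSessionCache") == "1"  # assumption: 1 = disabled
    if not caching_off and (not timeout.isdigit() or int(timeout) <= 0):
        findings.append("session caching enabled without an explicit sessionTimeout")
    return findings


# Constructed sample, not a real configuration.
SAMPLE = """\
[UBroker.OR.orabroker1]
keyAlias=default_server
keyAliasPasswd=
noSessionCache=0
"""

if __name__ == "__main__":
    for finding in audit_ssl(SAMPLE):
        print("FINDING:", finding)
```

Pass `production=False` when auditing a development or demonstration broker, where the built-in key is acceptable.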
To connect to an SSL-enabled OE DataServer component, clients and servers must have access to a digital (public key) certificate that can authenticate with the digital certificate used by the server, and the client must be configured to send SSL requests. All OpenEdge-managed SSL servers rely on a common OpenEdge key store to manage the private keys and server digital certificates required to support SSL connections from clients. Similarly, most OpenEdge-managed SSL clients and servers rely on a common OpenEdge certificate store to manage the root CA digital certificates that enable them to establish connections to appropriate SSL servers. With the OpenEdge installation, a third-party public/private key pair is provided for testing. The root CA certificate is located in $DLC/keys/default_server.pem and the public key is located in $DLC/certs/pscca.cer.