Configuring the client and server components of a remote DataServer connection with Secure Sockets Layer (SSL) communications is optional. Users can maintain both SSL-enabled and non-SSL instances of a DataServer broker environment. However a given instance supports only one type of connection, either secure or non-secure.
DataServer Security is based on the client authenticating the server's identity using a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure a Broker instance for SSL operation, you must:
Install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
Specify the keyAlias and keyAliasPasswd parameters in the UBroker.MS.mssbroker1 section of the ubroker.properties file for access to the private key/digital certificate
Disable session caching of the orabroker using the noSessionCache parameter, or enable it with a specified timeout using the sessionTimeout parameter.
To connect to an SSL-enabled OE DataServer component, Client and Servers must have access to a digital (public key) certificate that can authenticate with the digital certificate used by the server, and the client must be configured to send SSL requests. All OpenEdge-managed SSL servers rely on a common OpenEdge key store to manage the private keys and server digital certificates required to support SSL connections from clients. Similarly, most OpenEdge-managed SSL clients and servers rely on a common OpenEdge certificate store to manage the root CA digital certificates that enable them to establish connections to appropriate SSL servers. With the OpenEdge installation, a third party Public/Private key pair is provided for testing. The root CA certificate is located in $DLC/keys/default_server.pem and the public key is located in $DLC/certs/pscca.cer.
Install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
