Managing Open Client root digital certificates

OpenEdge supports secure access between the Open Client and the AppServer over an intranet using the Secure Sockets Layer (SSL-enabled AppServer) and over the Internet using HTTPS(See ProgrammingConcepts). When a client connects to an SSL-enabled AppServer or to a Web server using HTTPS, the server sends its digital certificate to the client to prove its identity. The client is responsible for authenticating that identity. Authentication is done using root digital certificates. The client does this by locating the local root digital certificates on the client machine that corresponds to the server certificate issued by the Certificate Authority (CA) for the AppServer (intranet) or Web server (Internet). This local certificate is then validated against the server certificate to authenticate the identity of the server.

To meet the demands of the worldwide software distribution that Progress Software Corporation supports, a set of international CA root digital certificates is distributed with the OpenEdge installation in the OpenEdge certificate store (OpenEdge-Install-Dir/certs directory). Though these root digital certificates can be distributed and used as is, the size might make it impractical to use. For example, you might not want to use these root digital certificates with applets, due to the download time required.

Included with the OpenEdge distribution is a built-in OpenEdge CA root digital certificate (pscca.cer) to support SSL-enabled AppServer access without external CA support. For more information on digital certificates and the OpenEdge certificate store, see OpenEdge Getting Started: Core Business - Security and Auditing. Each Open Client type supports certificate management in a different way.