Most user-programmable OpenEdge SSL clients, including ABL clients, .NET Open Clients, and Java Open Clients, provide a mechanism for you to access the authenticated SSL server name of most SSL servers directly involved in an SSL connection. The SSL server name is the X.500 Subject name in the SSL server certificate used to authenticate the SSL server to the client. This name is distinct from and often different than the network host name of the computer on which the SSL server runs.

For Internet connections, where the immediate SSL server is the Web server and not necessarily the final server endpoint for the client, the SSL server name returned is that of the Web server. This is true even if the Internet client ultimately accesses an AppServer that is accessed as an SSL server by middleware provided, for example, by the WSA or AIA.

This feature is a useful tool when you must disable SSL server host name verification (see Table 3), yet you want the application to verify the connected SSL server. Thus, when you disable host name verification, after each SSL connection to a server, you can use this feature to access the SSL server name and verify it manually against an internal list of acceptable SSL server connections.

The following table describes the mechanisms provided by supported, programmable, OpenEdge SSL clients for accessing the SSL server name and indicates where you can find more information about them.