Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Security : SSL in OpenEdge : OpenEdge SSL architecture : OpenEdge SSL client and server components
OpenEdge SSL client and server components
OpenEdge-managed SSL client connection points indicate SSL clients specifically supported by OpenEdge. These clients can be accessing OpenEdge servers using SSL, either indirectly on the Internet (using HTTPS) or directly on an intranet, depending on the server involved in the connection. OpenEdge-managed SSL server connection points indicate SSL servers specifically supported by OpenEdge for direct access on an intranet without the need for an intervening Internet connection.
All OpenEdge-managed SSL servers rely on a common OpenEdge key store to manage the private keys and server digital certificates required to support SSL connections from clients. These OpenEdge-managed SSL servers include the OpenEdge RDBMS, the AppServer, the WebSpeed Transaction Server, the OpenEdge Adapter for SonicMQ BrokerConnect, and ABL socket servers.
Similarly, most OpenEdge-managed SSL clients and servers rely on a common OpenEdge certificate store to manage the root CA digital certificates that enable them to establish connections to appropriate SSL servers. These OpenEdge-managed SSL clients and servers in ABL include database clients, socket clients, AppServer clients (including Web service clients), and SonicMQ BrokerConnect clients. Other OpenEdge-managed SSL clients include the SQL clients (JDBC and ODBC), AppServer Internet Adapter (AIA), Web Services Adapter (WSA), Sonic ESB Adapter, and WebSpeed Messenger. Exceptions include the .NET and Java Open Clients, which rely on their own certificate store facilities as supported by the Open Client Toolkit.
For more information on OpenEdge support for managing key and certificate stores, see Managing SSL server identity.
Note: For OpenEdge server components that have the option of using a NameServer to manage distributed server resources, the NameServer itself is never a party to an SSL connection. This is because the NameServer does not participate in the transmission of application data over any of the SSL client/server connections that it facilitates.
The OpenEdge SSL client and server connections shown within (or between) ABL applications indicate ABL applications acting as SSL clients, SSL servers, or both using ABL socket connections. Using sockets, ABL applications running on different ABL client machines can communicate securely with each other using the same SSL infrastructure as any OpenEdge SSL client and server (such as an ABL client and AppServer). Note, also, that ABL sessions can be socket servers for non-ABL socket clients and can be socket clients for non-ABL socket servers.
Note: An ABL session running in an AppServer or WebSpeed agent can function as an SSL socket client only (not as a socket server).