Managing certificate stores for OpenEdge clients and servers

You can manage trusted CA/root digital (public-key) certificates for OpenEdge clients and servers that support SSL connections using a root certificate store located in the OpenEdge-Install-Dir\certs directory. Each OpenEdge SSL client and server requires the root certificate store entry that contains the public-key certificate from the CA who signed and issued the public-key certificate for the SSL server that the client and server needs to access. Without access to this CA's root digital certificate the OpenEdge clients and servers will be unable to validate the identity of the SSL server and will abort the SSL connection process. For more information on the OpenEdge client and server components that support SSL client and server configuration, see the sections on the supported SSL client components in OpenEdge Getting Started: Core Business Services - Security and Auditing.

If you require only data encryption and do not need to verify the identity of SSL servers (typically, for intranet configurations only), OpenEdge comes with the root digital certificate from the Progress Software Corporation CA (who also signed and issued the default_server key store digital certificate for OpenEdge SSL servers already installed). The Progress Software Corporation CA root digital certificate is distributed in PEM format as d9855a82.0 and in DER format as pscca.cer (suitable for importing into a Windows workstation for use by an OpenEdge .NET Open Client). This default entry contains a common root public-key certificate that you can use to access any supported OpenEdge SSL server. For more information on the default root public-key certificate, see the sections on the OpenEdge default server identity in OpenEdge Getting Started: Core Business Services - Security and Auditing.