Managing OpenEdge Key and Certificate Stores

All OpenEdge server and client components that implement Secure HTTP (HTTPS) or Secure Socket Layer (SSL) connections require access to private keys and digital certificates to negotiate these connections and to enable them to function securely.

For all OpenEdge components, OpenEdge provides utilities that allow you to install and manage keys and digital certificates (in key stores and certificate stores) so the components can access them. For Open Clients, clients of OpenEdge Web services, OpenEdge provides utilities for some clients or it relies on utilities provided by the client platform to manage the required certificate stores.

This chapter describes how to use the OpenEdge utilities.

An SSL server requires access to a private key and a digital (public-key) certificate to authorize the identity of the server. Clients require access to public-key certificates that allow them to authenticate the servers that they access. Both servers and clients must obtain their keys and certificates from a trusted source, a Certificate Authority (CA). The server can trust the CA to authorize the server's identity and the client can trust the CA to provide proof of the server's identity. For more information on keys, certificates, and how CAs support them, see the chapters on security in OpenEdge getting Started: Core Business Services - Security and Auditing.