Setting up secure communication-related security for a remote AdminServer

You can set up secure communication-related properties for a remote AdminServer to ensure that communication between OpenEdge Management or OpenEdge Explorer and a remote AdminServer is secure. For more information on setting up a remote AdminServer, see Setting up a remote AdminServer.
The following table lists the properties in the management.properties file at the %DLC%\properties location:
| Property | Description |
| --- | --- |
| sslEnable | Default value: 0. Enables you to set the cryptographic protocols and ciphers for secure communication with a remote AdminServer. To set the default cryptographic protocols and ciphers for the remote AdminServer, set this property value to 1. You must reset the remote AdminServer and OpenEdge Management or OpenEdge Explorer for the setting to take effect. |
| enabledProtocols | Default value: TLSv1.2. Supported values: SSLv3, TLSv1, and TLSv1.1. If you want to change the default cryptographic protocol for the remote AdminServer, enter this property in the management.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication. |
| enabledCipherSuites | If you want to change the default cryptographic protocol for the remote AdminServer, enter this property in the management.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication. |
| tcpEnable | Default value: 1. Enables unsecured connections to the remote AdminServer. To disable it, set the property value to 0. This only affects the TCP connection for incoming management connections. It does not affect TCP connections for outgoing OpenEdge Management connections to a remote AdminServer. |
| sslPort | Default value: 7278. Specifies the port on which OpenEdge Management receives incoming secure connections. |
| port | Default value: 6835. Specifies the port on which OpenEdge Management receives non-secured connections. |
| keyAlias | Default value: default_server. Specifies the alias set for a private/public key. If this property is not set, the server certificate alias that is provided by OpenEdge is used. |
| keyAliasPasswd | Default value: -NA-. Specifies the password set for the alias of the private/public key. This password is expected to be encoded. You can use the OpenEdge-provided genpassword utility for encoding your passwords. For information on the genpassword utility, see OpenEdge Getting Started: Installation and Configuration. If this property is not set, the password of the default alias that is provided by OpenEdge is used. |
| keyStorePath | Default value: -NA-. Specifies the key store location. If this property is not set, the default value is $DLC/keys. |
| sslRequireClientAuth | Default value: 0. When set to 1, this property specifies that an incoming secure connection must provide a valid client certificate to connect to the AdminServer. |
| keyStorePasswd | Default value: -NA-. Specifies the password used for accessing the custom keystore. This password is expected to be encoded. You can use the OpenEdge-provided genpassword utility for encoding your passwords. For information on the genpassword utility, see OpenEdge Getting Started: Installation and Configuration. |
| noHostVerify | Default value: 0. When set to 1, OpenEdge Management disables host verification when connecting to a remote AdminServer that has a private key. Note: By default, host verification is bypassed when the default_server key is used. |

Using the secure communication properties, you can implement secure communication for the Remote AdminServers in the following ways:
* Without private key information: This is the basic and default secure communication configuration used when you set up a cryptographic protocols-enabled Remote AdminServer in the Remote AdminServer Configuration page. This configuration uses the OpenEdge-provided server certificate from the certificate store and does not require any private key information.
This is the recommended setting for testing the secure communication configuration of a remote AdminServer.
* With private key information for the Remote AdminServer: Using this configuration, you can create and store your server certificate on the server side for OpenEdge Management to connect to the remote AdminServer and validate the private key provided by the remote AdminServer.
You must perform the following steps to configure a cryptographic protocol-enabled remote AdminServer with private key information on the remote AdminServer:
1. Generate a private/public key and certificate for the remote AdminServer that requires secure communication. You can use OpenEdge-provided utilities for generating the key and certificate. For more information about managing the OpenEdge key and Certificates Stores, see the OpenEdge Getting Started: Installation and Configuration guide.
2. Open the management.properties file from $DLC\properties and edit the properties to point to the private/public key and certificate information.
3. Restart OpenEdge Management for the settings to take effect.
* With private key information for the remote AdminServer and OpenEdge Management: In this configuration, you create and store your server and client certificates in OpenEdge Management and remote AdminServer, respectively, for OpenEdge Management to connect to the remote AdminServer. You must validate the private key provided by the remote AdminServer on the OpenEdge Management end, and validate the private key provided by OpenEdge Management on the remote AdminServer end.
You must perform the following steps to configure a cryptographic protocol-enabled remote AdminServer with private key information on the remote AdminServer:
1. Generate a private key and certificate for the remote AdminServer and OpenEdge Management for secure communication. You can use OpenEdge-provided utilities for generating the key and certificate. For more information about managing the OpenEdge key and Certificates Stores, see the OpenEdge Getting Started: Installation and Configuration guide.
2. Open the management.properties file from $DLC\properties and edit the properties to point to the private/public key and certificate information. Ensure that the sslRequireClientAuth property is set to 1.
3. Configure the remote AdminServer to authorize the private-key information that it receives from OpenEdge Management.
4. Restart OpenEdge Management and the remote AdminServer for the settings to take effect.
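
The settings described in the table and in the three configurations above can be checked before a restart. The following Python script is an added example, not OpenEdge code: it applies the table's defaults to anything left unset and reports the values that leave the channel weaker than the mutual-authentication setup. It assumes the file holds plain name=value lines (section headers and comments are skipped); the sample content and the alias admin_srv are constructed for illustration.

```python
# Added example (not OpenEdge code): audit management.properties settings.
# Assumption: plain "name=value" lines; "[section]" headers and comments are skipped.
DEFAULTS = {"sslEnable": "0", "tcpEnable": "1", "enabledProtocols": "TLSv1.2",
            "keyAlias": "default_server", "sslRequireClientAuth": "0",
            "noHostVerify": "0"}  # defaults as listed in the table
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

SAMPLE = """\
# constructed sample, not taken from a real installation
sslEnable=1
tcpEnable=1
enabledProtocols=TLSv1.2,TLSv1
keyAlias=admin_srv
sslRequireClientAuth=0
"""


def parse_properties(text):
    """Return explicitly set properties; a later duplicate overrides an earlier one."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#![" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        props[name.strip()] = value.strip()
    return props


def audit(text):
    """Return (property, finding) pairs for settings that weaken the connection."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    findings = []
    if cfg["sslEnable"] != "1":
        findings.append(("sslEnable", "secure communication is not enabled"))
    if cfg["tcpEnable"] != "0":
        findings.append(("tcpEnable", "unsecured incoming connections are accepted"))
    legacy = sorted({p.strip() for p in cfg["enabledProtocols"].split(",")} & LEGACY_PROTOCOLS)
    if legacy:
        findings.append(("enabledProtocols", "legacy protocols: " + ", ".join(legacy)))
    if cfg["keyAlias"] == "default_server":
        findings.append(("keyAlias", "default key in use; host verification is bypassed"))
    if cfg["noHostVerify"] == "1":
        findings.append(("noHostVerify", "host verification is disabled"))
    if cfg["sslRequireClientAuth"] != "1":
        findings.append(("sslRequireClientAuth", "client certificate is not required"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```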