Using advanced HTTP and HTTPS options with the Web server
You can use the following advanced options when configuring the use of HTTP or HTTPS:
Use a Trust Keystore other than the demo provided by OpenEdge Management or OpenEdge Explorer.
Identify trusted clients for HTTP and/or HTTPS.
To use the advanced options:
1. From the OpenEdge Management Web Server Configuration page, click Advanced Options.
The expanded OpenEdge Management Web Server Configuration page appears.
2. Under HTTP Configuration, type the name of one or more trusted clients in the Trusted clients field. If you type more than one trusted client, use a comma-delimited list.
You can specify trusted clients by host IP address, IP address range with the * wildcard (such as 123.123.123.*), or subnet in the CIDR notation (such as 123.123.123.0/16).
Under HTTPS Configuration, notice that the following fields are prefilled with data taken from the demo keystore, which is demoWebServerIdentityKeystore.jks:
Keystore path name
Keystore pass phrase
Alias
Alias pass phrase
The Keystore pass phrase, Alias, and Alias pass phrase are all case-sensitive.
The following details relate to the demo certificate information:
Owner — The Common Name (CN) and Organization (O) name components of the Distinguished Name (DN), whose public key the certificate identifies. For the demo, the owner is Demo or localhost, Progress Software Corp.
Note that most popular browsers expect the common name portion of the owner name to be the DNS host name of the machine that is using the certificate for secure communication. If a certificate has a different common name, as does the demo certificate, the browser notifies you of the difference when you connect to a Web server using this certificate.
Issuer — The Common Name (CN) and Organization (O) name components of the Distinguished Name (DN) of the organization that signed the certificate.
Type — The type of certificate. X.509 is the most widely accepted format and is currently the only format supported by the JDK keytool. This is also the default format used by cryptographic protocols.
Public key — The algorithm used to generate the public/private key pair. This should always be RSA, which is the only algorithm that some browsers recognize.
Signature algorithm — The algorithm used by the CA to sign the certificate.
Version — The version of the X.509 standard that applies to this certificate. There are currently three certificate versions: V1, V2, and V3.
Valid from — The dates for which the certificate is valid.
3. Type the name of one or more trusted clients in the Trusted clients field. If you type more than one trusted client, use a comma-delimited list.
4. Click Submit. A message appears confirming that the configuration has been successfully updated.
5. Click OK.
Changes you make to the configuration might require you to reconnect (log in again) to OpenEdge Management or OpenEdge Explorer.
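The Trusted clients field accepts three address forms, and they can cover very different numbers of hosts. The following is an added example, not part of the product or its documentation, that expands each entry of a comma-delimited list into the network it covers and flags broad entries for review. It assumes standard CIDR semantics and trailing-octet wildcards; the function names, the max_addresses threshold, and the host 10.20.30.40 are made up for illustration.

```python
import ipaddress

def expand_trusted_client(entry):
    """Return the network one Trusted clients entry covers.

    Assumptions (not stated on the page): CIDR entries follow standard
    semantics, with host bits masked off, and '*' stands for whole
    trailing octets only.
    """
    entry = entry.strip()
    if "/" in entry:
        # strict=False masks host bits, e.g. 123.123.123.0/16 -> 123.123.0.0/16
        return ipaddress.ip_network(entry, strict=False)
    if "*" in entry:
        octets = entry.split(".")
        fixed = [o for o in octets if o != "*"]
        if len(octets) != 4 or octets[:len(fixed)] != fixed:
            raise ValueError(f"unsupported wildcard form: {entry!r}")
        base = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")
    return ipaddress.ip_network(entry)  # single host: /32 (or /128 for IPv6)

def audit_trusted_clients(field, max_addresses=256):
    """Map each comma-delimited entry to (network, address count, flagged).

    max_addresses is a hypothetical review threshold, not a product setting.
    Entries that do not parse are flagged so they get a manual look.
    """
    report = {}
    for entry in filter(None, (e.strip() for e in field.split(","))):
        try:
            net = expand_trusted_client(entry)
        except ValueError:
            report[entry] = ("unparsed", 0, True)
            continue
        size = net.num_addresses
        report[entry] = (str(net), size, size > max_addresses)
    return report

# Constructed sample: one made-up host plus the two example forms from the page.
SAMPLE_FIELD = "10.20.30.40, 123.123.123.*, 123.123.123.0/16"

if __name__ == "__main__":
    for entry, (net, size, flagged) in audit_trusted_clients(SAMPLE_FIELD).items():
        print(f"{entry:20} {net:20} {size:>6} {'REVIEW' if flagged else 'ok'}")
```

Under these assumptions, the wildcard 123.123.123.* covers 256 addresses, while 123.123.123.0/16 covers all 65,536 addresses in 123.123.0.0/16.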
To set the cryptographic protocol and cipher for a WebServer, you must set the following properties in the fathom.properties file that is available at $DLC/properties:
| Property | Description |
| --- | --- |
| sslEnable (Default value: 0) | Enables you to change the cryptographic protocols and ciphers for secure communication with a WebServer. If you enable SSL for the WebServer in OpenEdge Management and OpenEdge Explorer, this property is set to true. |
| SSLEnabledProtocols (Default value: TLSv1.2; Supported values: SSLv3, TLSv1, and TLSv1.1) | If you want to change the default cryptographic protocol for the WebServer, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication. |
| SSLEnabledCipherSuites | If you want to change the default cryptographic ciphers for the WebServer, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic ciphers that are set for secure communication. |