Try OpenEdge Now
skip to main content
Administration Guide
Server security : HTTPS support
 

HTTPS support

The Progress Application Server (PAS) allows you to configure an HTTPS port when you create an instance of a PAS server. The TCMAN utility supports specifying HTTPS ports with the -P option to the create action.
For example, the following instance is created with an HTTP port of 8501 and an HTTPS port of 8601:
$: $CATALINA_HOME/bin/tcman.sh create -p 8501 -P 8601 /psc/acme1
Server instance acme1 created at /psc/acme1
In PAS (and in Tomcat as well) HTTPS port support is provided by the Secure Socket Layer (SSL) or Transport Layer Security (TLS) implementation of the Java Secure Socket Extension (JSSE).
On a production server, you must replace the default SSL/TLS Server Certificate with a fully qualified certificate from a Certificate Authority (CA).
Server access via HTTPS is dependent on having an SSL/TLS Server Certificate. To support initial configuration and testing, PSC includes a self-signed server certificate in a Java keystore. (A key store is basically a file that contains the encrypted keys required for encoding and decoding information.) The PSC keystore is formatted according to the PKCS12 format and is maintained using the Java Keytool utility.
However, the default server certificate should only be used on a non-production server, or as a temporary certificate for setting up SSL or TLS on a production server. Using the default certificate on a fully functional and deployed production server, is a serious security risk.
See Configuring PAS for OpenEdge for SSL/TLS for more information.