skip to main content
Core Progress Application Server security : HTTPS support
 

HTTPS support

The Progress Application Server (PAS) supports HTTP over a Secure Sockets Layer (HTTPS) by allowing you to configure an HTTPS port when you create an instance of a PAS server. The TCMAN utility supports specifying HTTPS ports with the -P option to the create action.
For example, the following instance is created with an HTTP port of 8501 and an HTTPS port of 8601:
$: $CATALINA_HOME/bin/tcman.sh create -p 8501 -P 8601 /psc/acme1
Server instance acme1 created at /psc/acme1
In PAS (and in Tomcat as well) HTTPS port support is provided by the Secure Socket Layer (SSL) implementation of the Java Secure Socket Extension (JSSE).
On a production server, you must replace the default SSL Server Certificate with a fully qualified certificate from a Certificate Authority (CA).
Server access via HTTPS is dependent on having an SSL Server Certificate. To support initial configuration and testing, PSC includes a self-signed server certificate in a Java keystore. (A key store is basically a file that contains the encrypted keys required for encoding and decoding information.) The PSC keystore is formatted according to the PKCS12 format and is maintained using the Java Keytool utility.
However, the default server certificate should only be used on a non-production server, or as a temporary certificate for setting up SSL a production server. Using the default certificate on a fully functional and deployed production server, is a serious security risk.