Release 10.1A: OpenEdge Application Server: Administration
Security considerations for AIA administration
The AIA acts as an intermediary between the AppServer or BrokerConnect and clients that must access the server over the Internet. Thus, an application session involves two distinct connections, each of which is configured separately with respect to security.
The first connection is Internet-based between the AIA and the client. For this connection to be secure, the following conditions must be met:
- The client must use HTTPS protocol to send requests.
- The AIA must be HTTPS-enabled; that is, it must be configured to accept HTTPS requests from clients (via the JSE or Web server). To configure the AIA to accept HTTPS connection requests, you set the property httpsEnabled=1. You set this property by checking the HTTPS enabled box in the General properties category in the Progress Explorer, or by manually editing the ubroker.properties file.
  Note: You can use the mergeprop utility installed with OpenEdge to manually edit the ubroker.properties file. For information on using mergeprop, see OpenEdge Getting Started: Installation and Configuration.
- The JSE or Web server must support server authentication. Supporting server authentication requires that X.509 digital certificates be installed on both the Web server (or JSE) and the client machine. At each Web server to be accessed, a server certificate that uniquely identifies this Web server must be installed. As part of the SSL protocol, this server certificate is sent from the Web server to the client. See the "Enabling the Web server or JSE for SSL operation" section for more information.
The second connection is via AppServer protocol between the AIA and the AppServer or BrokerConnect. For this connection to be secure, the following conditions must be met:
- The AIA must be SSL-enabled, meaning that it sends SSL data to the AppServer or BrokerConnect that is to process the client requests. To configure the AIA to send SSL requests, you set the property sslEnable=1. You set this property by checking the Enable SSL AppServer connections box in the SSL properties category in the Progress Explorer, or by manually editing the ubroker.properties file. In addition, you must obtain and install public key certificates for the AIA host machine.
- The AppServer or BrokerConnect must be SSL-enabled, meaning that it accepts SSL requests from the AIA (or other clients). You set the property sslEnable=1 by checking the Enable SSL Client Connections box in the SSL General properties category in the Progress Explorer, or by manually editing the ubroker.properties file. You must also obtain and install a server private key and public key certificate and set additional SSL server properties.
AIA behavior in an SSL environment
A given AIA instance handles only one type of client request, either HTTP or HTTPS. The following results occur if the AIA receives a request via the incorrect protocol:
- If an HTTPS-enabled AIA instance receives an HTTP request, it redirects the request to HTTPS. That is, it returns the message to the client along with the appropriate URL to which the request should be resubmitted. This URL specifies HTTPS protocol and identifies the secure port on which the AIA listens for HTTPS requests.
- If an AIA instance that is not HTTPS-enabled receives an HTTPS request, it returns an HTTPSNotEnabledException error.
Obtaining more information on SSL operations
To obtain additional information about SSL operations, refer to the following sources:
- For more information on SSL support in OpenEdge, see OpenEdge Getting Started: Core Business Services.
- For more information on setting properties for the AIA and other Unified Broker products, see the Progress Explorer help or the OpenEdge-Install-Directory\properties\ubroker.properties.README file.
- For more information on managing digital certificates for 4GL clients, see OpenEdge Deployment: Managing 4GL Applications.
- For more information on managing digital certificates for Open Clients, see OpenEdge Development: Open Client Introduction and Programming.
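Because the client-to-AIA connection and the AIA-to-AppServer connection are configured separately, one can be encrypted while the other is not. The following audit script is an added example, not part of the OpenEdge documentation. The section names (AIA.Aia1, UBroker.AS.asbroker1 and so on), the fallback to parent sections, and the treatment of an unset property as disabled are assumptions; only httpsEnabled and sslEnable come from this page.

```python
import configparser

# Constructed sample, not a real deployment. Section names and parent-section
# inheritance are assumptions; only httpsEnabled and sslEnable come from the page.
SAMPLE = """\
[AIA]
httpsEnabled=0
sslEnable=0
[AIA.Aia1]
httpsEnabled=1
[AIA.Aia2]
httpsEnabled=1
sslEnable=1
[UBroker.AS]
sslEnable=0
[UBroker.AS.asbroker1]
sslEnable=1
[UBroker.AS.asbroker2]
"""

def effective(cfg, section, key):
    """Resolve key in section, falling back to dotted parent sections."""
    while section:
        if cfg.has_section(section) and key in cfg[section]:
            return cfg[section][key].strip()
        section = section.rpartition(".")[0]
    return "0"  # assumption: an unset property is treated as disabled

def audit(text):
    """Return sorted (instance, finding) pairs, one per unencrypted leg."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep property-name case as written
    cfg.read_string(text)
    findings = []
    for sec in cfg.sections():
        ssl = effective(cfg, sec, "sslEnable") == "1"
        if sec.startswith("AIA."):
            if effective(cfg, sec, "httpsEnabled") != "1":
                findings.append((sec, "client-to-AIA leg is not HTTPS"))
            if not ssl:
                findings.append((sec, "AIA-to-AppServer leg is not SSL"))
        elif sec.startswith("UBroker.AS.") and not ssl:
            findings.append((sec, "AppServer does not accept SSL"))
    return sorted(findings)

if __name__ == "__main__":
    for sec, msg in audit(SAMPLE):
        print(f"{sec}: {msg}")
```

In the sample, AIA.Aia1 accepts HTTPS from clients but still forwards to the AppServer without SSL, which is the mismatch the two-connection model makes possible.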
Copyright © 2005 Progress Software Corporation www.progress.com