OpenEdge Data Management:<br />Database Administration Starting database brokers for SSL connections

Release 10.1A: OpenEdge Data Management:
Database Administration

Starting database brokers for SSL connections

OpenEdge supports Secure Sockets Layer (SSL) connections to the database server. SSL connections provide authentication and data privacy between the database server and clients according to Public Key Infrastructure (PKI) standards.

For a database server to start up with SSL, it must have access to:

The private key that corresponds to the digital certificate the server uses to assert its identity to an SSL client.

A valid digital certificate that asserts the server’s identity and contains the Public Key corresponding to the private key.

Note: SSL incurs heavy performance penalties, depending on the client, server, and network resources and load. For more information on SSL and the security features of OpenEdge, see OpenEdge Getting Started: Core Business Services .

Use the following command to start a broker that spawns SSL servers and accepts connections from SSL clients:
proserve db-name -S service-name [-H host-name] -ssl  
      [-keyalias key-alias-name] 
      [-keyaliaspasswd password] 
      [-nosessioncache][-sessiontimeout n] 
db-name
Specifies the database you want to start. If the database is not in the current directory, you must specify the full pathname of the database.
-S service-name
Specifies the broker process service name.
-H host-name
Specifies the machine where the database server runs.
-ssl
Specifies that all database and SQL client connections will use SSL.
-keyalias key-alias-name
Specifies the alias name of the SSL private key/digital certificate key-store entry to use. The default is default_server.
-keyaliaspasswd password
Specifies the SSL key alias password to use to access the server’s private key/digital certificate key-store entry. The default is the encrypted value of password. If you use a value other than the default, it must be encrypted. You can use the genpassword utility, located in your installation’s bin directory, to encrypt the password.
-nosessioncache
Specifies that SSL session caching is disabled. Session caching allows a client to reuse a previously established session if it reconnects before the session cache time-out expires. Session caching is enabled by default.
-sessiontimeout n
Specifies in seconds the length of time an SSL session will be held in the session cache. The default is 180 seconds.