Release 10.1A: OpenEdge Development:
Programming Interfaces


Using secure database connections

You can use the Secure Sockets Layer (SSL) to provide a security infrastructure that protects communications between a database client and server. SSL provides data privacy over network connections and authentication between clients and servers on those connections using elements of Public Key Infrastructure (PKI). These elements include private and public keys that the clients and servers use to authenticate each other and to set up data encryption and decryption services between the initiator of the communications (SSL client) and the responder (SSL server). The server is identified by the private key that it stores and the client is identified as a valid SSL client for that server by the public key that it stores and provides to the server. SSL clients gain access to public keys using digital (public key) certificates provided by a trusted certificate authority (CA) that also provides the private key confidentially to the SSL server.

Note: SSL incurs heavy performance penalties, depending on the client, server, and network resources and load.

To secure a connection to the database using SSL:

  1. Ensure that your OpenEdge RDBMS is SSL-enabled. This requires that you:
    1. Install a private key and server certificate on the database server or use the default private key and certificate installed with the server by OpenEdge.
    2. Start up the database server with the startup parameters required to enable SSL database connections.
  2. Ensure that your 4GL client system has a public key certificate installed that corresponds to the private key installed and used to support SSL on the database server.
  3. Using the CONNECT() statement, connect to the database using the client connection parameters required to establish an SSL connection, as shown in Table 2–9.

Table 2–9: SSL database connection parameters

| Connection parameter | Description |
|---|---|
| SSL-based Connection (-ssl) | Specifies a Secure Socket Layer connection. (Required) |
| No Host Verify (-nohostverify) | Turns off host verification for a Secure Sockets Layer (SSL) connection. (Optional) |
| No Session Reuse (-nosessionreuse) | Avoids the reuse of a Secure Sockets Layer (SSL) session ID. (Optional) |
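
The following added example (not part of the OpenEdge documentation) checks connection-parameter strings against Table 2–9: it reports connections that omit -ssl and SSL connections that pass -nohostverify, which leaves the server's host identity unchecked. The -db, -H and -S parameters and every database name, host and port in the sample input are assumptions constructed for illustration.

```python
import shlex

# Parameter names are taken from Table 2-9 on this page.
# They are matched exactly, without case folding.
SSL = "-ssl"
NO_HOST_VERIFY = "-nohostverify"
NO_SESSION_REUSE = "-nosessionreuse"


def audit(params):
    """Return a list of (code, message) findings for one parameter string."""
    tokens = shlex.split(params)
    findings = []
    if SSL not in tokens:
        findings.append(("NO_SSL", "-ssl is absent: no SSL connection is requested"))
        # SSL-only options without -ssl point to a half-finished configuration.
        for opt in (NO_HOST_VERIFY, NO_SESSION_REUSE):
            if opt in tokens:
                findings.append(("ORPHAN_OPTION", opt + " is given without -ssl"))
        return findings
    if NO_HOST_VERIFY in tokens:
        findings.append(("HOST_VERIFY_OFF",
                         "-nohostverify: host verification is turned off"))
    # -nosessionreuse together with -ssl is not reported.
    return findings


def audit_all(named_params):
    """Map each connection name to its findings; clean entries are omitted."""
    report = {}
    for name, params in named_params.items():
        found = audit(params)
        if found:
            report[name] = found
    return report


# Constructed sample input: names, hosts and ports are invented.
SAMPLES = {
    "orders": "-db orders -H db1.example.com -S 20931 -ssl",
    "billing": "-db billing -H db2.example.com -S 20932 -ssl -nohostverify",
    "legacy": "-db legacy -H db3.example.com -S 20933",
    "reports": "-db reports -H db4.example.com -S 20934 -nosessionreuse",
}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        for code, message in found:
            print(f"{name}: {code}: {message}")
```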

For more information on:


Copyright © 2005 Progress Software Corporation