Release 10.1A: OpenEdge Getting Started:
Application and Integration Services
How clients use HTTPS
Figure 5–2 shows the AIA architecture using a secure Internet connection.
Figure 5–2: AppServer Internet Adapter architecture with HTTPS
Note: If the client uses HTTP to connect, and, on the server side, the httpsEnabled property in the ubroker.properties file is set to one (1), the AIA instance redirects the client to retry the Web server (or JSE) connection, using an HTTPS-protocol URL that the AIA returns automatically.
When using HTTPS, OpenEdge establishes an SSL connection with the Web server (or JSE). As part of establishing the connection, OpenEdge verifies server access by comparing a digital certificate that has been installed on the server with a corresponding digital certificate installed on the client. If OpenEdge determines that the server certificate is not valid, the connection to the AIA instance is denied. These digital certificates are based on public and private encryption keys issued by a trusted Certificate Authority (CA).
When checking a certificate, any OpenEdge Internet client:
1. Verifies that the server certificate is signed by one of the trusted root CA certificates installed on the client machine.
2. Verifies that the certificate has not expired by comparing the current time to the timestamps included in the certificate.
3. Verifies that the host name in the URL is the same as the common name in the certificate Subject field.
Step 3 is an optional verification that ensures the host machine that the client connects to is the intended host machine. This verification is done by comparing the host name the user specified in the URL with the host name in the certificate returned by the Web server.
By default, OpenEdge performs host verification. However, when establishing a connection, a client application might indicate that host verification should not be performed. For WebClients and 4GL clients, a client can indicate that host verification should not be performed by using the -nohostverify connection parameter. For Open clients, the client uses the RunTimeProperties.setNoHostVerify method on the runtimeProperties object to indicate that host verification should not be performed.
If any one of these steps determines that the certificate is not valid, then the connection to the AIA instance fails.
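The three checks above, and the effect of switching off step 3, modelled in Python as an added example (this is not OpenEdge code). The names check_certificate, common_name and client_context, the sample certificate and the host names are constructed for illustration, and the step 1 result is passed in as a flag because signature verification is done cryptographically by the TLS library.

```python
import ssl

# Constructed certificate in the dict shape of ssl.SSLSocket.getpeercert();
# the host name and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "aia.example.com"),)),
    "notBefore": "Jan  1 00:00:00 2005 GMT",
    "notAfter": "Jan  1 00:00:00 2006 GMT",
}

def common_name(cert):
    """Return the common name from the certificate Subject field, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def check_certificate(cert, url_host, now, chain_trusted, no_host_verify=False):
    """Apply the three checks in order; return (accepted, reason).

    now is seconds since the epoch. chain_trusted stands in for step 1,
    which a TLS library performs cryptographically.
    """
    if not chain_trusted:                                   # step 1
        return False, "untrusted issuer"
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:                             # step 2
        return False, "outside validity period"
    if not no_host_verify:                                  # step 3 (optional)
        cn = common_name(cert)
        # Assumption: exact, case-insensitive match; the page does not
        # describe wildcard handling.
        if cn is None or cn.lower() != url_host.lower():
            return False, "host name mismatch"
    return True, "ok"

def client_context(no_host_verify=False):
    """The same switch in Python's ssl module: chain and expiry checks stay
    on, only the host name comparison is dropped."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED + check_hostname
    ctx.check_hostname = not no_host_verify
    return ctx
```

With host verification off, a certificate that is otherwise valid but issued for a different host is accepted, so the client no longer confirms that it reached the intended host machine.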
Copyright © 2005 Progress Software Corporation www.progress.com