Release 10.1A: OpenEdge Getting Started:
Installation and Configuration

Managing certificate stores for OpenEdge clients

You can manage trusted CA/root digital (public-key) certificates for OpenEdge clients that support SSL connections using a root certificate store located in the OpenEdge-Install-Dir\certs directory. Each OpenEdge SSL client requires the root certificate store entry that contains the public-key certificate from the CA who signed and issued the public-key certificate for the SSL server that the client needs to access. Without access to this CA’s root digital certificate the OpenEdge client will be unable to validate the identity of the SSL server and will abort the SSL connection process. For more information on the OpenEdge client components that support SSL client configuration, see the documentation on the supported SSL client components described in OpenEdge Getting Started: Core Business Services .

If you require only data encryption and do not need to verify the identity of SSL servers (typically, for intranet configurations only), OpenEdge comes installed with the root digital certificate from the Progress Software Corporation CA (who also signed and issued the default_server key store digital certificate for OpenEdge SSL servers). The Progress Software Corporation CA root digital certificate is distributed in PEM format as d9855a82.0 and in DER format as pscca.cer (suitable for importing into a Windows workstation for use by an OpenEdge .NET Open Client.). This default entry contains a common root public-key certificate that you can use to access any supported OpenEdge SSL server. For more information on the default root public-key certificate, see the sections on the OpenEdge default server identity in OpenEdge Getting Started: Core Business Services .