Kbase P151000: How to setup SSL for the AIA?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
8/13/2009 |
|
Status: Unverified
GOAL:
How to setup SSL for the AIA?
GOAL:
How to setup SSL for the AppServer Internet Adapter?
FACT(s) (Environment):
All Supported Operating Systems
Progress 9.x
OpenEdge 10.x
OpenEdge Server Technology Category: AppServer
FIX:
The AIA acts as an intermediary between the AppServer or BrokerConnect and clients that must access the server over the Internet.
An application session involves two distinct connections, each of which is configured separately with respect to security.
The first connection is Internet-based between the client and the AIA.
For this connection to be secure, the following conditions must be met:
The client must use HTTPS protocol to send requests.
The AIA must be HTTPS-enabled; that is, it must be configured to accept HTTPS requests from
clients (via the Java Servlet Engine (JSE) or Web server).
To configure the AIA to accept HTTPS connection requests, the value of httpsEnabled must be set to 1 (default is 0 -- off).
This can be enabled by checking the HTTPS enabled box in the General properties category in the Progress Explorer,
or by manually editing the ubroker.properties file to set httpsEnabled=1.
The Java Servlet Engine or Web server must support server authentication.
Supporting server authentication requires that X.509 digital certificates be installed on both the Web server (or JSE) and the client machine.
Each Java Servlet Engine,JSE
At each Web server to be accessed, a server certificate that uniquely identifies this Web server must be installed.
As part of the SSL protocol, this server certificate is sent from the Web server to the client.
The second connection is via AppServer protocol between the AIA and the AppServer or BrokerConnect.
For this connection to be secure, the following conditions must be met:
The AIA must be SSL-enabled, meaning that it sends SSL data to the AppServer or
BrokerConnect that is to process the client requests. To configure the AIA to send SSL
requests, you set the property sslEnable=1. You set this property by checking the Enable
SSL AppServer connections box in the SSL properties category in the Progress Explorer
or by manually editing the ubroker.properties file. In addition, you must obtain and
install public key certificates for the AIA host machine.
The AppServer or BrokerConnect must be SSL-enabled, meaning that it accepts SSL
requests from the AIA (or other clients). You set the property sslEnable=1 by checking
the Enable SSL Client Connections box in the SSL General properties category in the
Progress Explorer, or by manually editing the ubroker.properties file. You must also
obtain and install a server private key and public key certificate and set additional SSL
server properties.