Kbase P156939: How to set up ODBC with SSL.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
18/04/2011 |
|
Status: Verified
GOAL:
How to set up ODBC with SSL.
GOAL:
Can the ODBC driver run in SSL mode?
FACT(s) (Environment):
Windows
OpenEdge 10.x
FIX:
OpenEdge documentation tells you how to configure the ODBC data source security, but assumes you know how to configure the "trust store". They expect you to get that from the DataDirect docs. The DataDirect doc has it, they use OpenSSL as the SSL service provider. From the OpenSSL documentation a "trust store" is a text file that contains one or more PEM encoded digital certificates. The $DLC/certs/psccerts.pem is an example of a multiple PEM encoded certificate trust store.
For example, (10.2B) an ODBC SSL data source against an OpenEdge database using the built-in OpenEdge SSL server certificate has been tested.
The Security tab shows:
Encryption Method: SSL
Validate Server Certificate: <checked>
Truststore: c:\oe10\dlc\certs\psccerts.pem
Truststore Password: <empty>
Host Name In Certificate: "Default Progress SSL Server"
The Truststore Password field can be dispensed with. It's a level of complexity you don't need.
The trick is to get a PEM encoded digital certificate. After you have that, you can use your own personal text editor to maintain the 'trust store' file. The $DLC/sslc utility does everything in terms of encoding and decoding digital certificates.
$DLC/sslc x509 -inform xxx -outform xxx -in <input-file> -out <output-file>
The $DLC/sslc utility is really a repackage of the openssl utility. So going to the openssl.org site's documentation and looking up the x509 utility will give you all of the usage information you should need.