Kbase P10404: What components are necessary to connect HTTPS with Digital Signed Certificates
Author   Progress Software Corporation - Progress
Access   Public
Published   9/23/2008
Status: Verified

GOAL:

What Products are Required to Run AIA Using HTTPS?

GOAL:

What is Required to Deploy Digital Certificates with a Progress Client?

FACT(s) (Environment):

All Supported Operating Systems
Progress 9.x
OpenEdge 10.x

FIX:

This solution discusses the certificates necessary to run the Progress
Secure AppServer, a new product that includes the AppServer plus a
Secure AppServer Internet Adapter (AIA) using HTTPS.

EXPLANATION:

By installing the product, you get a server-side right-to-run bit that
allows you to communicate with the AIA/AppServer using HTTPS from a
4GL client (including, but not limited to, WebClient). A Secure AIA
license is required to run the AIA so that clients can connect to it
using HTTPS.

The use of HTTPS means that you are running HTTP over the Secure
Sockets Layer (SSL). To run SSL, the WebServer must have an X.509
digital certificate signed by a trusted Certificate Authority (CA)
that both the client and the server agree on (for example, Verisign
in the United States, but there are many others).

When you enable HTTPS on a web server, server certificates are
typically installed by the web server vendor. The WebClient install
includes a set of client certificates for the well-known CAs
(Verisign, RSA, etc.), or you can install the new Secure Client product
to enable HTTPS with other 4GL clients.

This means several standard trusted root certificates are
pre-installed as part of the WebClient installation. These
certificates are not required if you are not using HTTPS.

The signed certificate must be installed into the WebServer in a
server-specific manner. The trusted root certificate must be installed
into the $DLC/certs directory on the client machine if it is not
already there. The server certificate that is installed in the
WebServer does not need to be installed on the client machine.

For example:

Company A wants to run AIA in secure mode. It goes to Verisign to
get an X.509 digital server certificate and installs the
certificate in its WebServer. The Verisign trusted root
certificate is installed as part of the WebClient installation so
no certificates need to be installed on the client machine.

Now Company B wants to run AIA in secure mode. Instead of going
to Verisign, which everyone knows and trusts, it has its own
internal CA. In this case, the digital certificate returned from
the CA must be installed into the WebServer and the trusted root
certificate for the CA must be installed in the $DLC/certs
directory on the client machine.
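
A client-side check for the Company B case above, added here as an example (it is not Progress code): it tests whether a server certificate chains to a root present in a certificate directory such as $DLC/certs. It assumes openssl is available and that the directory's files are PEM-encoded; the function names, the CA names and the host name aia.example.test are hypothetical, constructed for the demonstration.

```shell
# Added example, not Progress code. Assumes openssl is on PATH and that the
# client certificate directory holds PEM-encoded root certificates.
# server_cert_trusted SERVER_CERT CERTS_DIR
# Exit 0 only when SERVER_CERT chains to a certificate found in CERTS_DIR.
server_cert_trusted() {
    work=$(mktemp -d) || return 2
    mkdir "$work/empty"
    : >"$work/roots.pem"
    for f in "$2"/*; do
        # Skip anything that does not parse as a certificate.
        [ -f "$f" ] && openssl x509 -in "$f" -noout 2>/dev/null || continue
        openssl x509 -in "$f" >>"$work/roots.pem"
    done
    rc=1
    # -CApath is an empty directory so the system trust store cannot satisfy
    # the check; only certificates from CERTS_DIR count.
    if openssl verify -CAfile "$work/roots.pem" -CApath "$work/empty" "$1" \
            2>/dev/null | grep -q ': OK$'; then
        rc=0
    fi
    rm -rf "$work"
    return $rc
}

# Throwaway self-signed CA (constructed test data): NAME DIR
make_constructed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}
# Server certificate signed by a constructed CA: CA_NAME DIR
issue_constructed_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=aia.example.test" \
        -keyout "$2/srv.key" -out "$2/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/srv.csr" -CA "$2/$1.pem" -CAkey "$2/$1.key" \
        -CAcreateserial -days 2 -out "$2/srv.pem" 2>/dev/null
}
# Company B from the article: the client starts with a public root only,
# then the internal CA's root is copied into its certificate directory.
company_b_scenario() {
    d=$(mktemp -d) && mkdir "$d/pki" "$d/certs" || return 2
    make_constructed_ca PublicCA "$d/pki" && make_constructed_ca InternalCA "$d/pki" &&
        issue_constructed_cert InternalCA "$d/pki" || return 2
    cp "$d/pki/PublicCA.pem" "$d/certs/"
    server_cert_trusted "$d/pki/srv.pem" "$d/certs" && before=trusted || before=untrusted
    cp "$d/pki/InternalCA.pem" "$d/certs/"
    server_cert_trusted "$d/pki/srv.pem" "$d/certs" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "$before $after"
}
```

Against a real client, call server_cert_trusted with a copy of the web server's certificate and the path of the client's $DLC/certs directory.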