Information

Title	How to use SSL/TLS with Java Open Client

URL Name	How-to-use-SSL-TLS-with-Java-Open-Client

Article Number	000185283

Environment	Product: OpenEdge Version: 10.x, 11.x OS: All supported platforms Other: Java

Question/Problem Description

How to use SSL/TLS with Java Open Client

How to deploy a Java Open Client application using TLS or SSL

Configuration steps and Java code sample for SSL or TLS connections from a Java Open Client to the AppServer

Steps to Reproduce

Clarifying Information

Error Message

Defect Number

Enhancement Number

Cause

Resolution

To deploy a Java Open Client application using SSL or TLS to connect to the AppServer:

1. Enable the AppServer for SSL. For details, see article How to enable SSL for Webspeed and/or AppServer ? and documentation section "OpenEdge Application Server: Developing AppServer Applications, Chapter 4, Design and Implementation Considerations > Security considerations > Secure Sockets Layer".

2. Import the SSL server certificate into the psccerts.jar file using the procertm utility. For details on using procertm, see documentation section "OpenEdge Development: Java Open Client, Appendix B, Java Open Client Certificate Management Utility".

3. Deploy the following files to the client machine:

a. The Java Open Client proxy files generated by the ProxyGen utility. For details on using ProxyGen, see "OpenEdge Development: Open Client Introduction and Programming, Chapter 3, Generating Proxies and Web Service Definitions".

b. The correct Java Open Client runtime file. For OpenEdge 10.2B and earlier, deploy o4glrths.jar and messages.jar. For OpenEdge 11.0 and later, deploy o4glrt.jar.

c. The AppServer SSL digital certificate. The procertm utility may be used to import the SSL server certificate into the OpenEdge default root digital certificate package psccerts.jar file or another .jar file. For details on using procertm, see documentation section "OpenEdge Development: Java Open Client, Appendix B, Java Open Client Certificate Management Utility".

4. In the Java Open Client application code, specify the location of the AppServer certificate with a statement similar to the following:

RunTimeProperties.setCertificateStore("C:\Progress\certs\psccerts.jar");

Workaround

Notes

The attached file Java_SSL.zip contains ABL and Java sample code that can be used to demonstrate the above steps.

To protect against security vulnerabilities including POODLE, use one of the OpenEdge versions listed in article 000055503 below and configure components to use at least TLS 1.0. The highest version of TLS that both sides of the connection support is the best choice.

References to Other Documentation:

OpenEdge Application Server: Developing AppServer Applications, Chapter 4, "Design and Implementation Considerations > Security considerations > Secure Sockets Layer"
OpenEdge Development: Java Open Client, Appendix B, "Java Open Client Certificate Management Utility"
OpenEdge Development: Open Client Introduction and Programming, Chapter 3, "Generating Proxies and Web Service Definitions"
OpenEdge Development: Java Open Client, Chapter 1, "Configuring and Deploying Java Open Client Applications > Deploying an Open Client application that uses a Java proxy"
OpenEdge Development: Java Open Client, Chapter 7, "Accessing Proxy Properties > Accessing properties with methods > Accessing properties using purposed accessor methods > Secure Sockets Layer management methods"

Progress Articles:

How to find information on using SSL / TLS with the AppServer
How to enable SSL for Webspeed and/or AppServer ?
How does the POODLE vulnerability affect OpenEdge ?

Keyword Phrase

Last Modified Date	11/20/2020 7:23 AM