Data-in-transit network security
- Last Updated: March 30, 2020
- OpenEdge
- Version 12.2
- Documentation
Each deployed OpenEdge REST application acts as an intermediary between the AppServer and the clients that access its services from the Internet or an intranet. As a result, an application session involves two distinct connections, each of which is configured separately with respect to security.
The first connection is between the REST client and the OpenEdge REST application. To make this connection secure, the following conditions must be met:
- The client must use the HTTPS protocol to send requests.
- The OpenEdge REST application must be HTTPS-enabled; that is, it must be configured to accept HTTPS requests from clients (via the Java Servlet Container or the Web server).
- A private key and a Web server digital certificate must be installed on the Web server or standalone Java Servlet Container, and must be configured for TLS support.
- In the OpenEdge REST application web.xml file, the security-context element must be changed from NONE to CONFIDENTIAL.
- In the runtime.props file for the application, the URI must be set to use the HTTPS protocol instead of HTTP.
The second connection is an AppServer protocol connection between the OpenEdge REST application and the AppServer. For this connection to be secure, the following conditions must be met:
- You must obtain and install public key certificates for the OpenEdge REST application's host machine (the machine hosting the Java Servlet Container). OpenEdge provides built-in keys and certificates for development. For production machines, you should obtain server certificates from an internal or public Certificate Authority (CA). See OpenEdge Application Server: Administration for more information about public keys.
- The service must send TLS requests to the AppServer. To configure the application to send TLS requests, you set the value of the appServiceProtocol property to AppServerS or AppServerDCS. You set this property, either for a specific application or as the default for REST applications deployed to a given Java Servlet Container, by using OpenEdge Explorer.
- The AppServer must be TLS-enabled, meaning that it accepts TLS requests from the OpenEdge REST applications (or other clients). You set the property sslEnable=1 by checking the Enable SSL Client Connections box in the SSL General properties category in the Progress Explorer, or by manually editing the ubroker.properties file on the AppServer host machine. You must also obtain and install a server private key and public key certificate and set additional TLS server properties. See OpenEdge Application Server: Administration for more information on configuring the AppServer.
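The following audit script is an added example, not code from the OpenEdge documentation or from Progress. It checks the property values named above (appServiceProtocol, an HTTPS URI, sslEnable=1) in the text of runtime.props and ubroker.properties. Assumptions: both files are read as key=value lines, the key name serviceURI and the broker section names are hypothetical, the fallback to parent sections is assumed, and the sample inputs are constructed.

```python
TLS_APP_PROTOCOLS = {"AppServerS", "AppServerDCS"}  # TLS values the page names

def parse_props(text):
    """Return {section: {key: value}}; keys before any [section] go under ""."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current][key.strip()] = value.strip()
    return sections

def audit_runtime_props(text):
    """REST application side: TLS to the AppServer and no plain-HTTP URI."""
    props, findings = parse_props(text)[""], []
    proto = props.get("appServiceProtocol")
    if proto not in TLS_APP_PROTOCOLS:
        findings.append(f"appServiceProtocol={proto} does not request TLS")
    for key, value in props.items():
        if value.lower().startswith("http://"):
            findings.append(f"{key} uses plain HTTP: {value}")
    return findings

def audit_ubroker(text, broker):
    """AppServer side: sslEnable must be 1 for the broker section.
    Assumption: an unset key falls back to the dotted parent sections."""
    sections, name = parse_props(text), broker
    while name:
        value = sections.get(name, {}).get("sslEnable")
        if value is not None:
            return [] if value == "1" else [f"[{name}] sslEnable={value}: TLS off for {broker}"]
        name = name.rpartition(".")[0]
    return [f"sslEnable is not set for {broker} or any parent section"]

# Constructed sample inputs; serviceURI is a hypothetical key name.
RUNTIME_PROPS = "appServiceProtocol=AppServer\nserviceURI=http://rest.example.test:8080/app\n"
UBROKER = ("[UBroker.AS]\nsslEnable=0\n[UBroker.AS.asbroker1]\n"
           "[UBroker.AS.securebroker]\nsslEnable=1\n")

if __name__ == "__main__":
    for finding in (audit_runtime_props(RUNTIME_PROPS)
                    + audit_ubroker(UBROKER, "UBroker.AS.asbroker1")):
        print("FINDING:", finding)
```

Both connections have to pass: a REST application that requests AppServerS still fails to connect securely if the target broker resolves to sslEnable=0.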