Java Open Clients securely connect to ABL application servers using HTTPS (Hypertext Transfer Protocol Secure) connections. This protocol encrypts data sent between clients and application servers. To encrypt the data, the clients and servers must share a certificate. TLS (Transport Layer Security) is configured on the application server by the System Administrator. The System Administrator supplies the necessary certificate files used to verify that the server is a trusted application server. For more information on how to set up server security, see Use TLS in PAS for OpenEdge. Client developers must then import the server certificates into their client keystore.

Import server certificates on Java Open Clients

OpenEdge provides a certificate management tool (procertm) to view and manage digital certificates. This utility runs in Windows and UNIX. You use it to import, export, and remove certificates to and from the client keystores. The keystores are .jar or .zip files.
  1. Run the following command to import ca_certificate to the client's keystore.
    procertm -i ca_certificate.crt cert_store -v -l 

    The options used include:

    • -i Imports any certificates specified with the -i option from the working directory into cert_store. If a certificate is not found, a warning message displays.
    • cert_store Path to the digital certificate you want to import. Relative path to the working directory.
    • -v Prints verbose details during the import.
    • -l Lists the contents of the cert_store file after import.
      Note: This is the same utility for importing, exporting and removing certificates from the certificate store. For complete details on the procertm utility, see Manage certificate store files.
  2. When clients connect to the application server using HTTPS, the client keystore is automatically checked for a valid server certificate.

Certificates for development and test systems

OpenEdge ships a small set of root digital certificates from leading industry Certificate Authorities (CAs) with the Open Client Toolkit. These digital certificates are intended only for use during development and test cycles. Production systems should use certificates from a Certificate Authority.

The certificate files included with the Open Client Toolkit are stored in .zip and .jar files called certificate store files, in the DLC/certs directory. Each certificate store file holds several individual root digital certificates and contains one digital certificate list (.dcl file) that lists all certificate files stored in the file.

The individual certificates have one of the following formats:

  • DER — These file types have extensions of .cer and .crt. There is no difference between these types. One file stores one binary certificate.
  • PEM — These file types have extensions of .pem, .txt, and .0. There is no difference between these types. One file stores one or more certificates.
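
The following is an added example, not part of the OpenEdge documentation or tooling: a pre-import check that classifies a certificate file by its content rather than its extension, counts the certificates it holds, and returns SHA-256 fingerprints to compare against the values the System Administrator supplied. The function names, `bundle.pem`, `renamed.crt`, and the sample bytes are assumptions made for illustration; only the outer DER header is validated, not the X.509 contents.

```python
import base64, hashlib, os, re

# Extension-to-format mapping as stated on this page.
EXT_FORMAT = {".cer": "DER", ".crt": "DER", ".pem": "PEM", ".txt": "PEM", ".0": "PEM"}
PEM_BLOCK = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Length claimed by the outer DER SEQUENCE header, or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                       # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def inspect_certificate_file(name, data):
    """Classify a certificate file by content, not by its extension."""
    blocks = PEM_BLOCK.findall(data)
    fmt = "PEM" if blocks else "DER"
    ders = [base64.b64decode(b"".join(b.split())) for b in blocks] or [data]
    for der in ders:
        # Reject truncated files and files with trailing bytes.
        if der_total_length(der) != len(der):
            raise ValueError(f"{name}: not a well-formed DER structure")
    return {
        "format": fmt,
        "extension_matches": EXT_FORMAT.get(os.path.splitext(name)[1].lower()) == fmt,
        "count": len(ders),
        "sha256": [hashlib.sha256(d).hexdigest() for d in ders],
    }

def to_pem(der):
    """Wrap DER bytes in PEM armor (used to build the constructed samples)."""
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

# Constructed stand-ins: tiny DER SEQUENCEs, not real X.509 certificates.
SAMPLE_A = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_B = bytes([0x30, 0x03, 0x02, 0x01, 0x06])

if __name__ == "__main__":
    for name, data in [("ca_certificate.crt", SAMPLE_A),
                       ("bundle.pem", to_pem(SAMPLE_A) + to_pem(SAMPLE_B)),
                       ("renamed.crt", to_pem(SAMPLE_A))]:
        print(name, inspect_certificate_file(name, data))
```

The fingerprint is computed over the DER bytes, so the same certificate yields the same value whether it arrives as DER or PEM.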

You can use procertm to convert digital certificates between .der and .pem file formats. For more information, see Convert digital certificates.