DataServer components have the option of configuring DataServer client and server instance to require Transport Layer Security (TLS) client connections in remote DataServer configurations. Users can maintain both TLS-enabled and non-TLS Transaction Server instances. However a given instance supports only one type of connection, either secure or non-secure.

DataServer Security is based on the client authenticating the server's identity using a Public Key Infrastructure (PKI) and a symmetric data encryption system. To configure a Transaction Server instance for TLS operation, you must:
  • Install a server private key and a public key certificate. OpenEdge provides built-in keys and certificates that are suitable for use on development or demonstration servers; for production machines, you should obtain server certificates from an internal or public Certificate Authority (CA).
  • Specify an alias and password for access to the private key/digital certificate.
  • Disable session caching, or enable it with a specified timeout.
To connect to a TLS-enabled OE DataServer component, Client and Servers must have access to a digital (public key) certificate that can authenticate with the digital certificate used by the server, and the client must be configured to send TLS requests. All OpenEdge-managed TLS servers rely on a common OpenEdge key store to manage the private keys and server digital certificates required to support TLS connections from clients. Similarly, most OpenEdge-managed TLS clients and servers rely on a common OpenEdge certificate store to manage the root CA digital certificates that enable them to establish connections to appropriate TLS servers. With OpenEdge installation a third party Public/Private key pair is provided for testing. The root CA certificate is located in $DLC/keys/default_server.pem and the public key is located in $DLC/certs/pscca.cer.

For more information, about configuring and connecting the DataServer, see:

For more information about the Unified Broker Framework, its elements, and how Unified Broker products such as the DataServer for MS SQL Server work within the framework, see OpenEdge Getting Started: Installation and Configuration.