For a TLS server, you must have installed a private key and digital (public key) certificate that uniquely identifies your ABL socket server as a TLS server and allows all communications to be encrypted between it and any TLS client. You can use the default key and certificate store provided by OpenEdge without any additional work. This provides default encryption services between all OpenEdge clients and servers and thereby eliminates the need for client-server authentication to complete TLS connections.

However, to create a complete TLS implementation that supports all the features of TLS, you must obtain a unique private key and server digital certificate from an industry-recognized certificate authority (a CA such as Symantec) or create them yourself, as your own private CA, using server certificate administration software that you obtain on your own. Once you have the required private key and digital certificate, you can install them confidentially on your server system using the pkiutil command-line tool provided by OpenEdge. At this point, your ABL socket server is ready to enable TLS connections.
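
The private-CA route described above, as an added example that is not part of the OpenEdge documentation: it assumes OpenSSL as the certificate administration software, creates a CA and a server certificate, and checks that the certificate chains to the CA and matches the private key before anything is installed. The host name `abl-server.example.test` and all file names are constructed placeholders; the pkiutil install step is not shown because this page does not give its options.

```shell
#!/bin/sh
# Added example: private CA + server certificate with OpenSSL, then pre-install checks.
# abl-server.example.test and every file name are constructed placeholders.

make_pki() {  # $1 = working directory; creates ca.* and server.* inside it
  dir=$1; mkdir -p "$dir" && chmod 700 "$dir" || return 1
  cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:abl-server.example.test
EOF
  ( umask 077   # private keys must not be group- or world-readable
    # Self-signed root certificate for the private CA.
    openssl req -x509 -config "$dir/pki.cnf" -newkey rsa:2048 -nodes \
      -keyout "$dir/ca.key" -out "$dir/ca.pem" -days 30 2>/dev/null &&
    # Server private key and certificate signing request.
    openssl req -new -config "$dir/pki.cnf" -subj "/CN=abl-server.example.test" \
      -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
      -out "$dir/server.csr" 2>/dev/null &&
    # The CA signs the request, granting server-only extensions.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
      -CAcreateserial -extfile "$dir/pki.cnf" -extensions server \
      -days 30 -out "$dir/server.pem" 2>/dev/null )
}

check_pair() {  # $1 = CA cert, $2 = server cert, $3 = server key; returns 0 if consistent
  # The certificate must chain to the CA and be valid for TLS server use.
  openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1 || return 1
  # The private key must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ]
}
```

TLS clients must also trust `ca.pem` before they will accept a certificate issued this way.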

For more information on OpenEdge TLS support, CAs, keys, digital certificates, and using pkiutil, see Introduction to Security and Auditing.