Security considerations
- Last Updated: February 9, 2026
- 2 minute read
- OpenEdge
- Version 12.8
- Documentation
HTTPS/SSL and client-side certificates
The HTTP client can make requests to HTTPS URLs as long as the correct client-side certificates are installed in the OpenEdge certificate store. The HTTP client does not automatically install client certificates.
See the OpenEdge Getting Started: Installation and Configuration guide for more information on installing and managing certificates.
The easiest way to retrieve the relevant certificates is to navigate to the URL of interest using a browser. The browser indicates that it is connected via SSL with a padlock. Clicking on the padlock provides a means to inspect and export the certificates for that site. Make sure you export all of the certificates for the site (there's usually a tree or chain of them) and import them into the OpenEdge certificate store.
HTTP Authentication
The HTTP Client supports HTTP Basic and Digest authentication, either
pre-emptively (ie set by the developer in advance) or on request (using a 401/Unauthorized status and the WWW-Authenticate header).
Credentials
Credentials are not persistently stored in the HTTP client library.
Credentials can be added to a request or URI using an OpenEdge.Net.HTTP.Credentials object, which is a simple set of
properties for user domains, names and passwords. These credentials are used to
provide authentication to a request.
Session reuse
The HttpClient uses an ABL socket to send requests and receive responses from
the server. The HTTPClient performs a CONNECT()
and DISCONNECT() on the socket for each request. The socket handle
lives as long as the HttpClient.
The HttpClient has a ReuseSession property that applies to
the connection. When using TLS Client Authentication, if the
ReuseSession on the HttpClient is
FALSE it adds the -nosessionreuse option for
the socket on the CONNECT() method. This default behavior avoids
the accidental reuse of credentials for TLS Client Authentication. The
ReuseSession option on the HttpClient applies
only to the TLS connection, not the socket connection to the server.
For more information about socket connection parameters, see socket connection parameter.