You can add a wildcard character (*) in the subject name or common name field of the public key certificate so that a single common name covers multiple domain names. For example, a certificate with the common name "*.host.example.com" can be used for user1.host.example.com, user2.host.example.com, or user3.host.example.com.

By default, the client matches the hostname against a wildcard common name using regular-expression matching. For example, *.progress.com is a valid wildcard common name for user.host.example.com. If you want to validate the hostname as per the RFC 6125 guidelines, set the following environment variable or property to true:

  • PSC_SSLSTRICT_HOSTNAME_VERIFY=<true> for Java and ABL clients.
  • Progress.Open4GL.RunTimeProperties.StrictHostVerify=<true> for .NET clients.
    Note: Starting with OpenEdge 12.8.7, the StrictHostVerify property has no effect on .NET Open Client. Hostname verification—excluding the behavior controlled by the NoHostVerify property—is now entirely governed by the capabilities of the .NET runtime. For detailed behavior, refer to the official .NET documentation. Typically, .NET defers to the operating system on Windows and to the system-installed OpenSSL on Linux, so the actual implementation may vary depending on the platform.
Note: OpenEdge Management supports only strict mode.
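
The difference between the two modes can be seen in the following added sketch, which is not Progress code. It assumes the default regex matching lets "*" span dots, and it implements the RFC 6125 section 6.4.3 rule only for a whole-label wildcard in the left-most label; the function names and sample hostnames are constructed for illustration.

```python
import re


def lenient_match(pattern: str, hostname: str) -> bool:
    """Assumed model of regex-style matching: '*' becomes '.*' and may span dots."""
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, hostname.lower()) is not None


def strict_match(pattern: str, hostname: str) -> bool:
    """RFC 6125 6.4.3, restricted to a whole-label wildcard in the left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    # A wildcard anywhere but the left-most label is not matched.
    if any("*" in label for label in p_labels[1:]):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    if "*" in p_labels[0]:
        return False  # partial-label wildcards are rejected in this sketch
    return p_labels == h_labels


# Constructed test names based on the example domain used above.
CASES = [
    ("*.host.example.com", "user1.host.example.com"),
    ("*.example.com", "user.host.example.com"),
    ("user.*.example.com", "user.host.example.com"),
    ("*.example.com", "example.com"),
]


def compare(cases=CASES):
    """Return (pattern, hostname, lenient_result, strict_result) for each case."""
    return [(p, h, lenient_match(p, h), strict_match(p, h)) for p, h in cases]


if __name__ == "__main__":
    for pattern, host, lenient, strict in compare():
        print(f"{pattern:22} {host:26} lenient={lenient!s:5} strict={strict}")
```

Names where the two columns differ are the ones a certificate stops covering once strict verification is enabled, so check deployed certificates against them before switching modes.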