You can manage trusted CA/root digital (public-key) certificates for OpenEdge clients and servers that support TLS connections using a root certificate store located in the OpenEdge-Install-Dir\certs directory. Each OpenEdge TLS client and server requires the root certificate store entry that contains the public-key certificate from the CA who signed and issued the public-key certificate for the TLS server that the client and server needs to access. Without access to this CA's root digital certificate, the OpenEdge clients and servers will be unable to validate the identity of the TLS server and will abort the TLS connection process. For more information about the OpenEdge client and server components that support TLS client and server configuration, see Introduction to Security and Auditing.

If you require only data encryption and do not need to verify the identity of TLS servers (typically, for intranet configurations only), OpenEdge comes with the root digital certificate from the Progress Software Corporation CA (who also signed and issued the default_server keystore digital certificate for OpenEdge TLS servers already installed). The Progress Software Corporation CA root digital certificate is distributed in PEM format as d9855a82.0 and in DER format as pscca.cer (suitable for importing into a Windows workstation for use by an OpenEdge .NET Open Client). This default entry contains a common root public-key certificate that you can use to access any supported OpenEdge TLS server. For more information about the default root public-key certificate, see Introduction to Security and Auditing.