Configure mutual TLS authentication
- Last Updated: September 16, 2025
- 3 minute read
- OpenEdge Command Center
- Version 2.0
- Documentation
When you install the OpenEdge Command Center server and OpenEdge Command Center agent on a
Windows or Linux platform, mutual TLS authentication is configured with default
certificates. You can configure mutual TLS authentication with your signed
certificates.
Note: Progress recommends using only valid TLS
certificates issued by a trusted certificate authority for production environments
in OpenEdge Command Center. Ensure that all TLS certificates are generated with a
key size of at least 3072 bits to comply with the enhanced security standards of
OpenEdge Command Center. The
nohostverify switch is intended for
convenience and you must use it only as a temporary measure during
development.Before you begin, ensure that you have administrator privileges.
Configure mutual TLS authentication with custom certificates
To configure mutual TLS authentication with your signed certificates, perform the following steps:
- Configure the OpenEdge Command Center agent to use your signed certificates:
- Stop the agent.
- Run the following command by providing values for
pKeyAlias,pKeyPath,certPath,rootCAAliasandrootCAPath.
where:java -jar <Agent_Root_Directory>\install\installer-util-2.0.0.jar fileName=agentConfig pKeyAlias=<key alias> pKeyPath=<key path> certPath=<.crt path> rootCAAlias=<ca alias> rootCAPath=<root ca .crt path>pKeyAlias: Alias for the agent private key.pKeyPath: Path to the private key file for the agent.certPath: Path to the certificate file for the agent.rootCAAlias: Alias for the root CA certificate.rootCAPath: Path to the root CA certificate file. It must be the same root CA that signed the server certificate.
- Restart the agent.
- Configure the OpenEdge Command Center server to use your signed certificates:
- Stop the server.
- Navigate to the <Server_Install_Directory>\conf\certs for Windows or <Server_Install_Directory>/conf/certs for Linux.
- Add the server certificate files.
- Navigate to the server-config.json file located in <Server_Install_Directory>\conf for Windows or <Server_Install_Directory>/conf for Linux, and then open the file.
- Update any or all the values for the following attributes in the
server-config.json file:
key: Path to the private key file for the server.keyPassPhrase: Passphrase for the private key.certificate: Path to the public certificate for the server, signed by the root CA.rootCA: Path to the root CA certificate.
- Restart the server.
Mutual TLS authentication is configured with signed certificates provided by you.
Reset mutual TLS authentication to use default certificates
To reset mutual TLS authentication to use the default certificates, perform the
following steps:
- Restore default certificates on the OpenEdge Command Center agent:
- Stop the agent.
- Run the following command:
java -jar <Agent_Root_Directory>\install\installer-util-2.0.0.jar fileName=agentConfig - Restart the agent.
- Restore default certificates on the OpenEdge Command Center server:
- Stop the server.
- Navigate to the
orig/certsfolder and copy the default certificates from the folder to theconf/certsfolder:- On Windows, copy certificates from <Server_Install_Directory>\orig\certs to <Server_Install_Directory>\conf\certs.
- On Linux, copy certificates from <Server_Install_Directory>/orig/certs to <Server_Install_Directory>/conf/certs.
- Navigate to the server-config.json file located in <Server_Install_Directory>\conf for Windows or <Server_Install_Directory>/conf for Linux, and then open the file.
- Update the values of the attributes you previously modified in the server-config.json file to their default values. For more details about attribute descriptions and file structure, see Server configuration file.
- Restart the server.
The configuration of mutual TLS authentication with signed certificates provided by you is reset to the one with default certificates. The
nohostverifyproperty is also set to its default value oftrue.