To protect network data using Transport Layer Security, you need access to private keys and digital certificates to negotiate TLS connections. OpenEdge provides utilities for installing and managing certificates.
Note: Make sure that your certificate is current. When your certificate expires, OpenEdge Replication stops working.

This example assumes that you have a private key and a digital (public-key) certificate.

If you need to install keys or certificates, see Manage OpenEdge Keys and Certificates.

Consider the case where the source and target databases for OpenEdge Replication store their keys and certificates in different /keys and /certs directories on different hosts. The [ssl] and [control-agent] sections on each host are distinct.

For example, assume the host name is sourcehost on the source and targethost on the target. The keys are stored in two different directories, DiffHost-DiffKeysCerts1 and DiffHost-DiffKeysCerts2.

  1. The source host properties file might look like this:
    [control-agent.agent1]
      name=agent1
      database=target
      host=targethost    // host name on target
      port=7301
    [ssl]
      ssl-enable=1
      no-host-verify=1
      key-alias=dbtest
      key-alias-password=3c313b888131
      key-store-path=/DiffHost-DiffKeysCerts1/keys
      cert-store-path=/DiffHost-DiffKeysCerts1/certs

  2. The target host properties file, in contrast, would look like this:
    [control-agent.agent0]
      name=agent0
      database=source
      host=sourcehost    // host name on source
      port=7305
    [ssl]
      ssl-enable=1
      no-host-verify=1
      key-alias=dbtest
      key-alias-password=3c313b888131
      key-store-path=/DiffHost-DiffKeysCerts2/keys
      cert-store-path=/DiffHost-DiffKeysCerts2/certs


    For details about the properties section for TLS, see TLS properties and Configure the OpenEdge Replication property files.
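
A check for the [ssl] settings shown above, added here as an example (it is not Progress code and not part of the original page). It assumes that no-host-verify=1 turns off host name verification of the peer certificate; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the source-host layout from this page, password line left out.
SAMPLE = """\
[control-agent.agent1]
   name=agent1
   database=target
   host=targethost\t\t// host name on target
   port=7301
[ssl]
  ssl-enable=1
  no-host-verify=1
  key-alias=dbtest
  key-store-path=/DiffHost-DiffKeysCerts1/keys
  cert-store-path=/DiffHost-DiffKeysCerts1/certs
"""

def parse_properties(text):
    """Return {section: {key: value}}; '//' trailers as printed on the page are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.split(r"(?:^|\s+)//", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_tls(text):
    """Return a list of findings for the [ssl] section of one properties file."""
    ssl = parse_properties(text).get("ssl")
    if ssl is None:
        return ["no [ssl] section: replication traffic is not configured for TLS"]
    findings = []
    if ssl.get("ssl-enable") != "1":
        findings.append("ssl-enable is not 1: TLS is off")
    # Assumption (not stated on the page): 1 skips the peer host name check.
    if ssl.get("no-host-verify") == "1":
        findings.append("no-host-verify=1: peer host name is not checked")
    for key in ("key-alias", "key-store-path", "cert-store-path"):
        if not ssl.get(key):
            findings.append(f"{key} is missing or empty")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_tls(SAMPLE)))
```

Run it against the properties file on both the source and the target host, since each host carries its own [ssl] section.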