To protect network data using Transport Layer Security, you need access to private keys and digital certificates to negotiate TLS connections. OpenEdge provides utilities for installing and managing certificates.
Note: Make sure that your certificate is current. When your certificate expires, OpenEdge Replication will stop working.

This example assumes that you have a private key and a digital (public-key) certificate.

If you need to install keys or certificates, see Manage OpenEdge Keys and Certificates.

Consider the case where your source and target databases for OpenEdge Replication have shared keys and certificates on the same host, stored in the /keys and /certs directories, respectively.

  1. Make sure that your root certificate store is in the /certs directory.
  2. Make sure that your keystore is in the /keys directory.
  3. Configure the OpenEdge Replication property files for the replication server and agent.

    In this example, both the source and target share the same TLS data, so the [SSL] section in the shared properties file looks like this:

    host=localhost
    [ssl]
      ssl-enable=1
      no-host-verify=1
      key-alias=dbtest
      key-alias-password=3c516b444131
      key-store-path=/.../keys
      cert-store-path=/.../certs
    

    For details about the properties section for TLS, see TLS properties and Configure the OpenEdge Replication property files.
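
A pre-flight check for the properties file from step 3, as an added example that is not OpenEdge code: it lints the [ssl] section and reports settings that weaken or break TLS. It assumes that no-host-verify=1 turns host name verification off; the file name repl.properties, the password placeholder, and the sample paths are constructed for the example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample modelled on the page's example; demo() fills in the paths.
SAMPLE = """host=localhost
[ssl]
  ssl-enable=1
  no-host-verify=1
  key-alias=dbtest
  key-alias-password=<encoded-password-placeholder>
  key-store-path={keys}
  cert-store-path={certs}
"""

def lint_repl_tls(path):
    """Return findings for the [ssl] section of a replication properties file."""
    with open(path, encoding="utf-8") as fh:
        # Strip indentation so configparser cannot read a line as a continuation.
        text = "\n".join(line.strip() for line in fh)
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[_top]\n" + text)  # host= sits above any section header
    name = next((s for s in cp.sections() if s.lower() == "ssl"), None)
    if name is None:
        return ["no [ssl] section: TLS is not configured"]
    ssl, findings = cp[name], []
    if ssl.get("ssl-enable", "0") != "1":
        findings.append("ssl-enable is not 1: TLS is off")
    # Assumption: no-host-verify=1 turns host name verification off.
    if ssl.get("no-host-verify", "0") == "1":
        findings.append("no-host-verify=1: peer host name is not verified")
    for key in ("key-store-path", "cert-store-path"):
        if not os.path.isdir(ssl.get(key, "")):
            findings.append(f"{key} is missing or not a directory")
    # The file carries the key password, so only its owner should read it.
    if "key-alias-password" in ssl and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("key-alias-password is in a file open to group/other")
    return findings

def demo():
    """Lint the constructed sample with the key store directory missing."""
    with tempfile.TemporaryDirectory() as tmp:
        props = os.path.join(tmp, "repl.properties")  # hypothetical file name
        with open(props, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE.format(keys=os.path.join(tmp, "keys"), certs=tmp))
        os.chmod(props, 0o644)
        return lint_repl_tls(props)
```

Calling `lint_repl_tls()` on the real properties file for both the replication server and the agent before startup surfaces a missing store directory or a disabled host check without waiting for a failed TLS negotiation.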