To protect network data using Transport Layer Security, you need access to private keys and digital certificates to negotiate TLS connections. OpenEdge provides utilities for installing and managing certificates.
Note: Make sure that your certificate is current. When your certificate expires, OpenEdge Replication will stop working.

This example assumes that you have a private key and a digital (public-key) certificate.

If you need to install keys or certificates, see Manage OpenEdge Keys and Certificates.

Consider the case where your source and target databases for OpenEdge Replication have shared keys and certificates stored in the /keys and /certs directories, respectively, but on different hosts. The [SSL] section in the properties files will look the same, but each host will have a distinct [control-agent] section.

For example, assume that the source host is named sourcehost and the target host is named targethost.

  1. In this example, both the source and target use the same TLS data. The [control-agent] and [ssl] sections in the source host properties file look like this:
    [control-agent.agent1]
       name=agent1
       database=target
       host=targethost		// host name on target
       port=7301
    [ssl]
      ssl-enable=1
      no-host-verify=1
      key-alias=dbtest
      key-alias-password=3c313b888131
      key-store-path=/.../keys
      cert-store-path=/.../certs
    
  2. Because both the source and target use the same TLS data, the [ssl] section in the target host properties file is the same as on the source, and only the [control-agent] section differs:
    [control-agent.agent0]
       name=agent0
       database=source
       host=sourcehost		// host name on source
       port=7305
    [ssl]
      ssl-enable=1
      no-host-verify=1
      key-alias=dbtest
      key-alias-password=3c313b888131
      key-store-path=/.../keys
      cert-store-path=/.../certs
    

    For details about the properties section for TLS, see TLS properties and Configure the OpenEdge Replication property files.
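
A consistency check for the two files above, as an added example that is not part of the OpenEdge documentation or tooling: it parses both properties files, confirms that TLS is enabled and the key and certificate properties are present, reports no-host-verify=1 so that the setting is a deliberate choice, and verifies that the [ssl] sections match. Assumptions: the function names are hypothetical, the sample text is copied from the listings above, and no-host-verify=1 is taken to mean that certificate host name checking is turned off.

```python
import re

# [ssl] block and agent sections copied from the two listings on this page.
SSL = """[ssl]
  ssl-enable=1
  no-host-verify=1
  key-alias=dbtest
  key-alias-password=3c313b888131
  key-store-path=/.../keys
  cert-store-path=/.../certs
"""
SOURCE = ("[control-agent.agent1]\n name=agent1\n database=target\n"
          " host=targethost\t\t// host name on target\n port=7301\n" + SSL)
TARGET = ("[control-agent.agent0]\n name=agent0\n database=source\n"
          " host=sourcehost\t\t// host name on source\n port=7305\n" + SSL)

REQUIRED = ("key-alias", "key-alias-password", "key-store-path", "cert-store-path")

def parse_properties(text):
    """Return {section: {key: value}} with section and key names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+//.*$", "", raw).strip()  # drop trailing // annotation
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_pair(source_text, target_text):
    """Return a list of findings for a source/target properties pair."""
    src, tgt = parse_properties(source_text), parse_properties(target_text)
    findings = []
    for name, props in (("source", src), ("target", tgt)):
        ssl = props.get("ssl", {})
        if ssl.get("ssl-enable") != "1":
            findings.append(f"{name}: ssl-enable is not 1")
        if ssl.get("no-host-verify") == "1":  # assumed: host name check is off
            findings.append(f"{name}: no-host-verify=1")
        findings += [f"{name}: {k} is missing" for k in REQUIRED if not ssl.get(k)]
    if src.get("ssl") != tgt.get("ssl"):
        findings.append("[ssl] sections differ between source and target")
    return findings

if __name__ == "__main__":
    for finding in audit_pair(SOURCE, TARGET):
        print(finding)
```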