You can use the following advanced options when configuring the use of HTTP or HTTPS:

  • Use a trust keystore other than the demo provided by OpenEdge Management.
  • Identify trusted clients for HTTP or HTTPS.

To use the advanced options:

  1. In the OpenEdge Management Web Server Configuration page, click Advanced Options.
    The expanded OpenEdge Management Web Server Configuration page appears.
  2. Under HTTP Configuration, specify the name of one or more trusted clients in the Trusted clients field. Use a comma-delimited list to specify more than one trusted client.

    You can specify trusted clients by host IP address, by IP address range with the * wildcard (such as 123.123.123.*), or by subnet in CIDR notation (such as 123.123.123.0/16).

  3. Under HTTPS Configuration, notice that the following fields are prefilled with data taken from the demo keystore, which is ${catalina.base}/conf/tomcat-keystore.p12:
    • Keystore path
    • Keystore pass phrase
    • Alias

    The Keystore pass phrase and Alias fields are case-sensitive.

    The following details relate to the demo certificate information:

    • Owner—The Common (CN) and Organization (O) name components of the Distinguished Name (DN), whose public key the certificate identifies. For the demo, the owner is Demo or localhost, Progress Software Corp.

      Note that most popular browsers expect the common name portion of the owner name to be the DNS host name of the machine that is using the certificate for secure communication. If a certificate has a different common name, as does the demo certificate, the browser notifies you of the difference when you connect to a Web server using this certificate.

    • Issuer—The Common (CN) and Organization (O) name components of the Distinguished Name (DN) of the organization that signed the certificate.
    • Type—The type of certificate. X.509 is the most widely accepted format and is currently the only format supported by keytool. This is also the default format used by cryptographic protocols.
    • Public key—The algorithm used to generate the public-private key pair. This should always be RSA, which is the only algorithm that some browsers recognize.
    • Signature algorithm—The algorithm used by the CA to sign the certificate.
    • Version—The version of the X.509 standard that applies to this certificate. There are currently three certificate versions: V1, V2, and V3.
    • Valid from—The dates for which the certificate is valid.
  4. In the Trusted clients field, specify the name of one or more trusted clients. Use a comma-delimited list to specify more than one trusted client.
  5. Click Submit. A message appears confirming that the configuration has been successfully updated.
  6. Click OK.

The changes you make to the configuration might require you to reconnect (log in again) to OpenEdge Management.
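The wildcard and CIDR forms accepted in the Trusted clients field can cover very different numbers of addresses, so it helps to expand a list before submitting it. The following Python sketch is an added example, not part of OpenEdge Management; it assumes IPv4 entries, a trailing * wildcard, and standard CIDR semantics (host bits masked off), and its function names and the 10.1.2.3 host are constructed for illustration.

```python
import ipaddress

def expand_entry(entry):
    """Return the IPv4 network one trusted-client entry covers (assumed semantics)."""
    entry = entry.strip()
    if "*" in entry:
        octets = entry.split(".")
        if len(octets) != 4:
            raise ValueError("expected four octets: " + entry)
        first_star = octets.index("*")
        # Only trailing wildcards (a.b.c.*, a.b.*.*) map cleanly to a prefix.
        if any(o != "*" for o in octets[first_star:]):
            raise ValueError("wildcard must be trailing: " + entry)
        fixed = octets[:first_star] + ["0"] * (4 - first_star)
        return ipaddress.ip_network(".".join(fixed) + "/" + str(8 * first_star))
    # strict=False masks off host bits instead of rejecting the entry.
    return ipaddress.ip_network(entry, strict=False)

def audit_trusted_clients(value, max_addresses=256):
    """Expand a comma-delimited list; return (entry, network, count, notes) tuples."""
    findings = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        net = expand_entry(entry)
        notes = []
        if "/" in entry and ipaddress.ip_interface(entry).ip != net.network_address:
            notes.append("host bits set: effective range starts at %s"
                         % net.network_address)
        if net.num_addresses > max_addresses:
            notes.append("covers more than %d addresses" % max_addresses)
        findings.append((entry, str(net), net.num_addresses, notes))
    return findings

if __name__ == "__main__":
    # The first two entries are the examples from the text; the third is constructed.
    sample = "123.123.123.*, 123.123.123.0/16, 10.1.2.3"
    for entry, net, count, notes in audit_trusted_clients(sample):
        print("%-18s -> %-18s %6d address(es) %s"
              % (entry, net, count, "; ".join(notes)))
```

Under these assumptions, 123.123.123.* covers 256 addresses, while 123.123.123.0/16 covers all 65,536 addresses in 123.123.0.0/16.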

To set the cryptographic protocol and cipher for a web server, you must set the following properties in the fathom.properties file that is available at $OEMgmt/conf:

  • sslEnable

    Default value: 0

    Enables you to change the cryptographic protocols and ciphers for secure communication with a web server. If you enable TLS for the web server in OpenEdge Management, this property is set to true.

  • SSLEnabledProtocols

    Default value: TLSv1.2 and TLSv1.3

    Supported values: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3

    If you want to change the default cryptographic protocol for the web server, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic protocols that are set for secure communication.

  • SSLEnabledCipherSuites

    If you want to change the default cryptographic ciphers for the web server, enter this property in the fathom.properties file. The property accepts a comma-separated list of valid cryptographic ciphers that are set for secure communication.

Note: Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL).