Access an TLS server's X.500 Subject Name
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
Most user-programmable OpenEdge TLS clients, including ABL clients, .NET Open Clients, and Java Open Clients, provide a mechanism for you to access the authenticated TLS server name of most TLS servers directly involved in an TLS connection. The TLS server name is the X.500 Subject name in the TLS server certificate used to authenticate the TLS server to the client. This name is distinct from and often different than the network host name of the computer on which the TLS server runs.
For Internet connections, where the immediate TLS server is the Web server and not necessarily the final server endpoint for the client, the TLS server name returned is that of the Web server. This is true even if the Internet client ultimately accesses a PAS for OpenEdge instance that is accessed as an TLS server.
This feature is a useful tool when you must disable TLS server host name verification (see Table 3), yet you want the application to verify the connected TLS server. Thus, when you disable host name verification, after each TLS connection to a server, you can use this feature to access the TLS server name and verify it manually against an internal list of acceptable TLS server connections.
The following table describes the mechanisms provided by supported, programmable, OpenEdge TLS clients for accessing the TLS server name and indicates where you can find more information about them.
| This TLS client component: | Uses this mechanism: | To access the TLS server name as described in: |
|---|---|---|
| ABL database client |
SSL-SERVER-NAME function |
|
| ABL client of a PAS for OpenEdge instance, Web service, or socket server |
SSL-SERVER-NAME attribute of the PAS for OpenEdge
instance, Web service, or server socket handle |
|
| .NET Open Clients |
_GetSSLSubjectName() common Open Client object method |
|
| Java Open Clients |
_getSSLSubjectName() common Open Client object method |
|