Before you can enable a TLS connection of any kind, you must ensure that TLS servers and clients have access to the keys and digital certificates required to authenticate a connection and exchange encrypted communications over it. Each TLS server asserts its identity using a private key and server public-key certificate (keystore entry) accessed from the server's keystore. Each TLS client must successfully validate the server's identity using a corresponding root public-key certificate (root certificate store entry) accessed from the client's certificate store. The client and server also use their corresponding TLS key and certificate store entries to initiate encrypted communications between them.
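The relationship between a server keystore entry and a client root certificate store entry can be seen with a throwaway PKI. This is an added example, not OpenEdge code: it uses the `openssl` command line as a stand-in for the OpenEdge key and certificate tools, and every name, subject and path in it is constructed.

```shell
# Constructed throwaway PKI; every name and path here is made up.
# build_pki DIR: issuing root CA, unrelated root CA, server key + certificate.
build_pki() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    for ca in root other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -config "$d/openssl.cnf" -extensions ca_ext \
            -subj "/CN=Example $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=appserver.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/server.pem" 2>/dev/null
}

# Server side: a keystore entry is usable only if the private key (KEY)
# matches the public key inside the certificate (CERT).
keystore_entry_consistent() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Client side: succeeds only if CERT ($2) chains to the root in ROOT ($1).
client_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && build_pki "$d" || return 1
    keystore_entry_consistent "$d/server.key" "$d/server.pem" && echo "keystore entry: key matches certificate"
    client_trusts "$d/root.pem" "$d/server.pem" && echo "client holding issuing root: server accepted"
    client_trusts "$d/other.pem" "$d/server.pem" || echo "client holding unrelated root: server rejected"
    rm -rf "$d"
}
demo
```

The rejected case is what a client sees when the root certificate for the server's issuing CA has not been imported into its certificate store.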

OpenEdge provides a common keystore for all OpenEdge-managed TLS servers and a common certificate store for all OpenEdge-managed TLS clients. This allows you to use a common set of TLS management tools to support your OpenEdge TLS infrastructure.

Note: OpenEdge provides separate certificate store management for Java Open Clients and relies on Microsoft's certificate store management for .NET Open Clients. For Web service clients and Web servers (or JSEs), you must use the key and certificate store tools provided for the specific client or server platform. For more information, see Use the Open Client Toolkit and the documentation for your TLS client or server platform.

You use these OpenEdge key and certificate stores to support both Internet and intranet TLS communications between TLS servers and TLS clients.

For more information on the tools for managing the common OpenEdge key and certificate stores, see Manage OpenEdge Keys and Certificates.