OpenEdge TLS client and server components

OpenEdge-managed TLS client connection points indicate TLS clients specifically supported by OpenEdge. These clients can be accessing OpenEdge servers using TLS, either indirectly on the Internet (using HTTPS) or directly on an intranet, depending on the server involved in the connection. OpenEdge-managed TLS server connection points indicate TLS servers specifically supported by OpenEdge for direct access on an intranet without the need for an intervening Internet connection.

All OpenEdge-managed TLS servers rely on a common OpenEdge keystore to manage the private keys and server digital certificates required to support TLS connections from clients. These OpenEdge-managed TLS servers include the OpenEdge Database, PAS for OpenEdge, and ABL socket servers.

Similarly, most OpenEdge-managed TLS clients and servers rely on a common OpenEdge certificate store to manage the root CA digital certificates that enable them to establish connections to appropriate TLS servers. These OpenEdge-managed TLS clients and servers in ABL include database clients, socket clients, web service clients, and the SQL clients (JDBC and ODBC). Exceptions include the .NET and Java Open Clients, which rely on their own certificate store facilities as supported by the Open Client Toolkit.

For more information on OpenEdge support for managing key and certificate stores, see Manage TLS server identity.

The OpenEdge TLS client and server connections shown within (or between) ABL applications indicate ABL applications acting as TLS clients, TLS servers, or both using ABL socket connections. Using sockets, ABL applications running on different ABL client machines can communicate securely with each other using the same TLS infrastructure as any OpenEdge TLS client and server (such as an ABL client and PAS for OpenEdge). Note, also, that ABL sessions can be socket servers for non-ABL socket clients and can be socket clients for non-ABL socket servers.