Note:

TLS evolved from and superseded SSL. TLS is considered to be more efficient and secure than the older SSL. Even though TLS and SSL are separate and distinct protocols, the PAS for OpenEdge configuration process is the same for both.

In PAS for OpenEdge and in Tomcat, HTTPS port support is provided by the Transport Layer Security (TLS) implementation of the Java Secure Socket Extension (JSSE).

TLS is a standard protocol used to implement the encryption required for HTTPS communication.

PAS for OpenEdge allows you to specify an HTTPS port when you create an instance. The PASMAN utility supports specifying HTTPS ports with the -P option of the create action. For example, the following instance is created with an HTTP port of 8501 and an HTTPS port of 8601:


        $: pasman.[sh|bin] create -p 8501 -P 8601 /psc/instance-name
        Server instance acme1 created at /psc/acme1
       

The following is an overview of TLS configuration in PAS for OpenEdge:

TLS Configuration
Important:

On a production instance, you must replace the default TLS Server Certificate shipped with PAS for OpenEdge with a fully qualified certificate from a Certificate Authority (CA).

Instance access via HTTPS depends on having a TLS Server Certificate. To support initial configuration and testing, Progress includes a self-signed server certificate in a Java keystore. (A keystore is a file that contains the encrypted keys required for encoding and decoding information.) The Progress Software keystore is formatted according to the PKCS12 format and is maintained using the Java Keytool utility.

However, the default server certificate should only be used on a non-production instance, or as a temporary certificate for setting up TLS on a production instance. Using the default certificate on a fully functional and deployed production instance is a serious security risk.
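
One way to check whether a keystore still serves a self-signed server certificate is to parse the verbose listing from the Java Keytool utility. The script below is an added example, not part of the Progress documentation or tooling; the keystore path in its usage comment is a placeholder and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not Progress code. Reads `keytool -list -v` output on stdin
# and prints the alias of every private-key entry whose leaf certificate has
# identical Owner and Issuer names (a name comparison, not a signature check).
# Usage with a placeholder keystore path (assumption):
#   keytool -list -v -storetype PKCS12 -keystore /path/to/keystore.p12 \
#     | self_signed_server_aliases
self_signed_server_aliases() {
    awk '
        /^Alias name: / { alias = substr($0, 13); type = ""; owner = ""; seen = 0; next }
        /^Entry type: / { type = substr($0, 13); next }
        # Only the first Owner/Issuer pair of an alias is the server (leaf)
        # certificate; later pairs are the CA chain, where a self-signed
        # root is expected.
        /^Owner: /  { if (!seen && owner == "") owner = substr($0, 8); next }
        /^Issuer: / {
            if (!seen) {
                if (type == "PrivateKeyEntry" && owner == substr($0, 9)) print alias
                seen = 1
            }
            next
        }
    '
}

# Constructed sample listing: one self-signed test entry, one CA-issued entry.
sample_keytool_output() {
cat <<'EOF'
Alias name: test-default
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, O=Example Test
Issuer: CN=localhost, O=Example Test

Alias name: prod-server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=pas.example.com, O=Example Corp
Issuer: CN=Example Issuing CA, O=Example CA
Certificate[2]:
Owner: CN=Example Root CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
EOF
}

sample_keytool_output | self_signed_server_aliases   # prints: test-default
```

Any alias the function prints on a production instance identifies a server certificate that should be replaced with one issued by a CA.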