Click here for a list of the fixed issues.

The following table lists the release notes for this release:

Component Issue Number Description
Lang OCTA-77432

The default HTTPS configuration for .NET Open Client has changed to use TLSv1.2. Protocol options other than TLSv1.1, TLSv1.2, and TLSv1.3 will be ignored.
PASOE OCTA-42261

TCMAN and PASMAN are command-line utilities used for managing and administering PASOE. They support three types of actions: manager, server, and general, as described in the Learn about PAS for OpenEdge administration tools.

Configuring HTTPS for Manager Actions

When using an HTTPS port for a PASOE instance, manager actions require that the Java Trust Store contains the appropriate root certificates. Unlike other administration tools, these actions do not use the %DLC%/certs store.

Since each Java installation is unique, you must set up your certificates correctly in the Java Trust Store, in addition to configuring %DLC%/certs. This applies to all types of certificates:
  • PASOE default certificates
  • Self-signed certificates
  • CA-signed certificates

Steps to Configure Java Trust Store

Below are steps that work for most Java installations when using PASOE default certificates. Similar procedures can be followed for self-signed and CA-signed certificates.

  1. Add Root CA to the Java Trust Store

    To use the default certificates provided with PASOE, run the following command to add the corresponding root CA to the Java Trust Store.

    Start the proenv environment with elevated user permissions (root/Administrator), then use:

    Linux:

     keytool -import -trustcacerts -alias <alias_of_your_choice> -file $DLC/certs/506395dd.0 -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit

    Windows:

    "%JAVA_HOME%\bin\keytool.exe" -importcert -alias <alias_of_your_choice> -file %DLC%\certs\506395dd.0 -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit

    Confirmation Steps:

    • When prompted:
      Trust this certificate? [no]: yes
      Type yes to confirm.
    • If successful, you should see:
      Certificate was added to keystore

  2. Validate Hostname Configuration

    For HTTPS communication during manager actions, PASOE utilizes the {{psc.as.https.nohostverify}} property, which is set to a default value of “true”:

    This configuration permits testing with the default certificates provided by PASOE. However, in production environments, it is essential to enable hostname verification. This can be accomplished by adding the following property to the catalina.properties file of a PAS instance:

    psc.as.https.nohostverify=false
    This ensures secure HTTPS communication in a real-world deployment.