Choose a dedicated cert/key when CLIENT initiate a SSL conne

Posted by dvoyat on 12-Apr-2017 03:20

Hi

We have a potential need where several applications running on the same database/server need to post REST calls using an SSL (TLSv1.2) session (HTTPS URL with client authentication required), each of the applications having a different key/cert. I had a quick look at the openedge.net.pl doc and haven't found any particular option which would allow us to choose something other than the default OpenEdge cert/store. What we would like is something similar to the OpenSSL feature which lets you initiate an SSL session with any key/certificate you specify as part of the available options.

This remains something we need ONLY when our application consumes services from 3rd-party applications.

As for the services we currently expose, we're OK with e.g. different PASOE instances, which enable us to use any key/cert per HTTPS port.

We're currently running a mix of 11.5/11.6.3 and shall start our migration to 11.7 soon.

Denis

All Replies

Posted by Peter Judge on 12-Apr-2017 07:54

The ABL Socket doesn’t yet support client-side certificates, and since the OE.NET HTTP client uses the ABL socket, it doesn’t either.

There’s an Idea at community.progress.com/.../improve_abl_sockets_to_support_client-side_certificate_authentication that you should vote on to indicate your support.

Posted by dvoyat on 12-Apr-2017 10:11

Thanks Peter! OE.net not supporting mutual authentication is pretty bad news. This basically means that none of our clients will be able to consume a service requiring client authentication. I'm definitely supporting that improvement for sure. We unfortunately can rely on OAG as we're having a lot of non-Progress clients and I've understood OpenEdge can only support a proprietary token now.

Do you e.g. see any other alternative as using a forward proxy which will enable the client authentication for now?

This thread is closed
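
Added example, not part of the thread and not Progress code: one way to set up the forward-proxy idea raised in the last post, assuming an nginx instance runs on the same host as the ABL applications. Host names, ports and file paths are placeholders; each application calls its own loopback listener over plain HTTP, and nginx originates the TLS 1.2 session with that application's client certificate.

```nginx
# Added example. Goes inside the http { } block of nginx.conf.
# Assumption: nginx runs on the same host as the ABL applications.
# Host names, ports and file paths are placeholders.

# Application A -> third-party service A
server {
    listen 127.0.0.1:8441;                 # loopback only: this hop is plain HTTP

    location / {
        proxy_pass       https://partner-a.example.com;
        proxy_set_header Host partner-a.example.com;

        # Client identity presented on behalf of application A
        proxy_ssl_certificate     /etc/nginx/client-certs/app-a.crt;
        proxy_ssl_certificate_key /etc/nginx/client-certs/app-a.key;

        proxy_ssl_protocols   TLSv1.2;
        proxy_ssl_server_name on;          # send SNI to the upstream

        # Authenticate the server as well, so the client key is only
        # ever used against the intended endpoint
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/trust/partner-a-ca.pem;
    }
}

# Application B -> third-party service B, with its own key/cert
server {
    listen 127.0.0.1:8442;

    location / {
        proxy_pass       https://partner-b.example.com;
        proxy_set_header Host partner-b.example.com;

        proxy_ssl_certificate     /etc/nginx/client-certs/app-b.crt;
        proxy_ssl_certificate_key /etc/nginx/client-certs/app-b.key;

        proxy_ssl_protocols   TLSv1.2;
        proxy_ssl_server_name on;

        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/trust/partner-b-ca.pem;
    }
}
```

Any local process that can connect to a listener gets to use that application's client identity, so the listeners stay on loopback and the key files should be readable only by the nginx user.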