Progress
Open Client
Developer’s Guide
Managing Digital Certificates
When a client connects to an SSL enabled Web server, the Web server sends its digital certificate to the client to prove its identity. The client is responsible for authenticating that identity. Authentication is done using Root Digital Certificates. The client does this by locating the local Root Digital Certificate on the client machine that corresponds to the Web server certificate issued by the CA for the Web server. This local certificate is then validated against the certificate sent by the Web server to authenticate the identity of the Web server.
To meet the demands of the worldwide software distribution that Progress Software supports, a set of international CA Root Digital Certificates is distributed with the Progress installation. Though these Root Digital Certificates can be distributed and used as is, the size might make it impractical to use. For example, you might not want to use these Root Digital Certificates with applets due to the download time required.
Progress Software recommends that your application or applet be distributed with a minimal set of Root Digital Certificates from the set provided. You can then provide the application or applet deployer the capability of adding one or more Root Digital Certificates with the
setCertificateStore()
method in order to satisfy their specific requirements. This provides the deployer with a way to develop their specific method of distributing their own Root Digital Certificates to their users and then dynamically configuring the Open Client application or applet to use them.NOTE: If the Web server is configured to use a Digital Certificate issued by a private Certificate Authority (CA), it would never be included in the set distributed by Progress.The compressed file names of the Root Digital Certificates do not indicate which certificates are included. However, Progress provides a certificate management utility (
procertm.exe)
that you can use for viewing and managing the files. For more information about the certificate management utility, see "Certificate Management Utility."The following table lists the Open Client application type, run-time environments, and Root Digital Certificate packages that Progress distributes.
In all cases, the Root Digital Certificates that Progress distributes are in binary (DER) format. All of the certificate files use compressed file names and have
.cer
file extensions. The exception is for the Netscape Internet Browser where the Root Digital Certificates are in files with a.txt
file extension.
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |