CONNX Supports SSL/TLS connections from the CONNX client to the 32bit and 64bit Enterprise Server Service (ESS) running on Windows.
In order to use CONNX with SSL when connecting to ESS, the following requirements must be met.
Use openssl to create your certificate and key file.
CONNX ships with a 64bit OpenSSL command line. It is located in the OpenSSL directory under the root of your 64bit CONNX installation.
Open a command prompt, and navigate to this directory.
Please refer to OpenSSL documentation for details on all of the possible
settings when creating keys and certificates. Here is an example
of a self-signed key an certificate creation:
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config openssl.cnf
In the above example, key.pem is the private key file, and cert.pem is the certificate file. Both of these files will be required when configuring the SSL Listener.
To Enable CONNX SSL for ESS, the following CONNX configuration setting must be set:
CONNX.CNXLISTENSSL must be set to 1
Transfer your SSL Certificate and key to the system running ESS.
Define two configuration settings that will point CONNX to the certificate and key called CONNX.SSLCERT and CONNX.SSLKEY.
Once these setting changes are made, the EES Service must be restarted.
On the client side, the CONNX data dictionary must be configured to use SSL to connect to the server.
If you have an existing data dictionary, and you want to enable SSL for one or more databases in the CDD, there is also a "Use TLS/SSL" checkbox at the database panel for any database that supports SSL.
Use this checkbox to enable/disable SSL for the specified database connection.
It is possible to configure some databases in the CDD to use SSL, and others without SSL.