SSL on the CONNX Enterprise Server Service
CONNX Supports SSL/TLS connections from the CONNX client to the 32-bit and 64-bit Enterprise Server Service (ESS) running on Windows.
In order to use CONNX with SSL when connecting to ESS, the following requirements must be met.
1. The ESS service must be configured to listen with SSL.
2. An SSL Certificate and Key file are required.
Creating an SSL Certificate and Key File
Use openssl to create your certificate and key file.
CONNX ships with a 64-bit OpenSSL command line. It is located in the OpenSSL directory under the root of your 64-bit CONNX installation.
Open a command prompt and navigate to this directory. The following is an example of creating a self-signed key and certificate:
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config openssl.cnf
In this example, key.pem is the private key file, and cert.pem is the certificate file. Both of these files are required when configuring the SSL Listener.
Enabling SSL for the CONNX Enterprise Server Service
To Enable CONNX SSL for ESS, set CONNX.CNXLISTENSSL to 1.
Transfer your SSL Certificate and key to the system running ESS.
Define the CONNX.SSLCERT and CONNX.SSLKEY configuration settings that will point CONNX to the certificate and key.
Once these setting changes are made, restart the EES Service.
On the client side, the CONNX data dictionary must be configured to use SSL to connect to the server.
If you have an existing data dictionary, and you want to enable SSL for one or more databases in the CDD, there is also a Use TLS/SSL checkbox at the database panel for any database that supports SSL. Use this checkbox to enable/disable SSL for the specified database connection.
It is possible to configure some databases in the CDD to use SSL, and others without SSL.