Rocket Uniface User Forum

 View Only

An Easier Way to Configure a More Secure Application with TLS

By Jan Cees Boogaard posted 09-13-2021 05:26


We know how important secure communication is for your Uniface application, which is why Uniface supports the use of the TLS protocol. Rather than making Uniface TLS-configured straight out of the box, we wanted to ensure you maintain the flexibility to decide which communication channels you wish to secure. That's why we have taken some steps to make it simpler for you to configure TLS.

What is TLS?

The Uniface Transport Layer Security (TLS) connector enables you to use certificate-based public-private key pairs to encrypt communication between communication peers. For example, between Uniface servers, clients, databases, and external services, such as email and web services. The TLS connecter also supports encrypted network connections between the Uniface Router and Uniface servlets—the Web Request Dispatcher (WRD) and SOAP Request Dispatcher (SRD). You can learn more about how TLS works here.

New Guidance in the ASN Settings

To make it as simple as possible to configure your application to use TLS, as of versions 10.3.03 and 10.4.01, we have added the necessary TLS configuration settings to the ASN files in the Uniface installation. These settings are commented out by default, and can be found in: 

  • urouter.asn
  • userver.asn
  • urmon.asn
  • wasv.asn
  • web.xml

Depending on which channels you want to configure, you can simply go to the relevant ASN files, uncomment the settings and customize them as needed.

An Easier Way to Generate Certificates

The TLS protocol makes use of public keys embedded in signed digital certificates to authenticate communication. The keys encrypt the data, which can only be decrypted using the private key of the certificate owner.

You can use a tool such as OpenSSL to create certificates and generate these keys. This can be obtained from one of the sites suggested by the OpenSSL Wiki

As of versions 10.3.03 and 10.4.01, Uniface now provides the OpenSSL executable in the \common\bin folder of the Uniface installation, to make it even easier to generate a certificate. On Linux, it is usually pre-installed. 

TLS Configuration Tutorial

We've put together a simple tutorial to guide you through the process of configuring TLS, using a self-signed certificate and the ASN settings. You can find our tutorial on how to use TLS configuration with certificates in the Uniface Documentation, as well as detailed information on everything you need to know about TLS.