ABL client socket mTLS enabled and the sslKeyFile option

orombauts

Hi,

I have this server 'DTREDIS1' set up with mTLS enabled.

When using openssl s_client from the client machine, the connection works fine:

"C:\Program Files\OpenSSL-Win64\bin\openssl" s_client -connect DTREDIS1:6379 -key c:\share\client.key -cert c:\share\client.crt -CAfile c:\share\ca.crt

On the ABL client socket I should have the following on the connect statement:

-H DTREDIS1 -S 6379 -ssl -nohostverify -sslAuth ssl -sslKeyFile <pem-file>

Question is:

How can I configure the <pem-file> to make it work in my ABL client? My assumption is that the key, cert and CAfile need to be available somehow in the DLC\keys folder, in a single <pem-file> I guess. Is my assumption correct, and what do I have to do exactly?

Thanks in advance!

Greetings,
Olivier
 
REF: https://docs.progress.com/bundle/abl-reference/page/CONNECT-method-Socket-object.html

Having a quick read of the document it seems to me the PEM file will need to contain the Public Certificate and the Private Key. I believe that you can do something like this.

Code:
cat clientCert.crt private.key > clientAuthentication.pem

You can specify the absolute path of the PEM file or it defaults to the dlc\keys folder.

As part of the mutual TLS handshaking process you will only be presenting your public certificate. It would not need to include the CA bundle/chain.

I would need to play around with having encrypted private keys; then you can use the "-sslKeyPwd" parameter switch as an extra layer of security.
Unfortunately the documentation is a bit lacking in explaining what it does.
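
An added example, not part of the original posts and not Progress code: a Python check that a combined file such as clientAuthentication.pem holds a certificate block and exactly one private key block, and flags an encrypted key (the case the reply associates with -sslKeyPwd). The function names and the PEM samples are constructed for illustration; the payloads are placeholder bytes, not real key material.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def inspect_pem(text):
    """Report what a combined client PEM file contains, without printing key material."""
    report = {"certificates": 0, "private_keys": 0, "encrypted_key": False, "problems": []}
    for label, body in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        # Legacy OpenSSL keys put "Proc-Type: 4,ENCRYPTED" headers before a blank line.
        headers, _, payload = body.rpartition("\n\n")
        try:
            base64.b64decode("".join(payload.split()), validate=True)
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            if label.startswith("ENCRYPTED") or "ENCRYPTED" in headers:
                report["encrypted_key"] = True
    if report["certificates"] == 0:
        report["problems"].append("no CERTIFICATE block (client certificate missing)")
    if report["private_keys"] != 1:
        report["problems"].append("expected exactly one private key block")
    return report

def make_block(label, raw, headers=""):
    """Build a constructed PEM block; the payload is placeholder bytes, not a real key."""
    body = base64.encodebytes(raw).decode().strip()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

# Constructed samples standing in for clientCert.crt and private.key.
CERT = make_block("CERTIFICATE", b"constructed placeholder certificate bytes " * 3)
PLAIN_KEY = make_block("PRIVATE KEY", b"constructed placeholder key bytes " * 3)
LEGACY_ENC_KEY = make_block(
    "RSA PRIVATE KEY", b"constructed placeholder key bytes " * 3,
    headers="Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")

if __name__ == "__main__":
    for name, text in [("cert + key", CERT + PLAIN_KEY),
                       ("cert + encrypted key", CERT + LEGACY_ENC_KEY),
                       ("cert only", CERT)]:
        print(name, inspect_pem(text))
```

The check only looks at PEM structure; it does not confirm that the private key belongs to the certificate.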
 