1. Security Administration Guide
  2. Configuring the Enterprise Server JDE.INI File

Configuring the Enterprise Server JDE.INI File

Starting with JD Edwards EnterpriseOne Tools 9.1 Update 2.1, the "Network and Queue Settings (JDENET Configuration)" section of the enterprise server JDE.INI file contains three settings for SSL/TLS support. These settings are used only by the enterprise server. Clients that connect to the enterprise server do not have any related settings, as the enterprise server tells the client the type of connection to be used. Because of this architecture, older EnterpriseOne clients that do not support SSL/TLS cannot connect with an EnterpriseOne server that is enabled with SSL/TLS. Therefore, SSL/TLS support for JDENET requires that the release level of EnterpriseOne clients matches the release level of EnterpriseOne servers.

The SSL/TLS settings in the "Network and Queue Settings (JDENET Configuration)" section of the jde.ini include:

  • useSSL

    Valid values are Enable SSL or Disable SSL. Enabling this option specifies that JDENET messages will be exchanged using secure sockets (SSL/TLS). The setting is only set on the server, but does require that clients accessing the server can process SSL/TLS messages (that is, all clients must be running with a matching EnterpriseOne Tools release). Starting with EnterpriseOne Tools 9.1 Update 2.1, Disable SSL is the default setting in EnterpriseOne Tools 9.1 Update 2.1.

  • sslRetries

    This setting specifies the maximum number of times the server or client will attempt to complete an SSL/TLS handshake. If the handshake is not completed within the retry limit, the SSL/TLS connection fails. The retry limit prevents the server from hanging on an SSL/TLS connection that may never complete. The default value of 1000 for this setting should be appropriate for most installations, but may need to be increased to allow for slow clients or high network latency.

  • sslKeyFile

    You must set this parameter to the fully qualified path of the file containing the server's SSL/TLS certificate and private key. The server must have a valid certificate/key file in PEM format in order to use secure sockets. See Generating an SSL/TLS Certificate and Key File in this chapter for more information.

The following is an example of a typical SSL/TLS setup viewed from Server Manager:

SSL/TLS Settings in the JDE.INI File

In Tools Release 9.2.4.3, a new field called ProxyPassword has been added to the Security section in the JDE.ini file of the Enterprise Server. This new field contains the value of the database password and this field must be used only if the Bootstrap User and the Database User are different.

This image is described in the surrounding text.

In the previous releases, the Database User and the Bootstrap User were required to have the same password. As of Tools Release 9.2.4.3, you can choose to have different passwords for the Database User and the Bootstrap User. You can also choose to have any combination of long or short passwords for these fields as shown in the following table:

Database User Password Bootstrap User Password
Long Long
Short Short
Long Short
Short Long