Application security is always a major concern for developers. 4D continues to address this ever-present concern in v20 R4 by removing the default SSL/TLS certificate and private key (cert.pem and key.pem) within the 4D Server application’s resources folder. These existed for testing purposes, and it was strongly recommended that the developer replace these with their own more secure certificates. The default key.pem and cert.pem will no longer come with 4D Server. If developers are looking for these files on or after 4D v20 R4, they will be unable to find them.

Instead, as of v20 R4, 4D will generate a temporary certificate for encrypted connections if a certificate is not already present in the resources folder. These temporary certificates are generated each server launch and stored in memory. Regenerating the certificate and private key on each server launch reduces the security risk of compromised certificates, allowing developers to use them more safely. This also creates convenience in that the developers may use these temporary certificates instead of finding their own.

It is worth noting that 4D will not generate these certificates for the web server. Web Server certificates need to be issued by a recognized certificate authority.