Try OpenEdge Now
skip to main content
DataServer for Oracle
Configuring the DataServer : Creating, Maintaining, and Deploying a schema holder : Starting ProBroker distributed DataServer broker with SSL-enabled Progress Networking : Non-default SSL certificates
 
Non-default SSL certificates
The Unified Broker Framework has the “certStorePath” SSL property to specify the path to the trusted certificate store which is the root certificate for the certificate authority that was used to sign the server certificate. Servers using this customized certificate can connect clients instantiated with a matching certificate specified using -certstorepath command line parameter of the client.
However, in a Probroker configuration, responsibility for spawning a ssl or a non-ssl DataServer servers rests with the Probroker based on whether it was instantiated with an SSL or a non-SSL command line parameter. An SSL-enabled ProBroker can include the following startup parameters to customize the brokers use of certificates and key stores.
Parameter
Description
-certstorepath
The path to the trusted certificate store. The root certificate for the certificate authority that was used to sign the server certificate should be specified by this path.
-keystorepath
Specifies the key store location.
-keyalias
Specifies the alias set for a private/public key. If this parameter is not provided, the server certificate alias that is provided by OpenEdge is used.
-keyaliaspasswd
Specifies the encoded password set for the alias of the private/public-key to access the server Private Key / Digital Certificate key store entry. You can use the OpenEdge provided genpassword utility for encoding your passwords
For example a Probroker can be started and customized in SSL mode as follows:
_probrkr -S ccall7sv2 –ssl
-certstorepath E:\\users\\<currentuser>\\par\\SHA224\\certs
-keystorepath E:\\users\\<currentuser>\\par\\SHA224\\keys
-keyalias localhost
-keyaliaspasswd 20333c34252a2137
The above Probroker can establish connection to a client which uses a matching certificate:
prowin32 -pf parametersFile.pf
-certstorepath E:\\users\\ashukla\\par\\SHA224\\certs
-nohostverify