The Unified Broker Framework has the “certStorePath” SSL property to specify the path to the trusted certificate store which is the root certificate for the certificate authority that was used to sign the server certificate. Servers using this customized certificate can connect clients instantiated with a matching certificate specified using -certstorepath command line parameter of the client.
However, in a Probroker configuration, responsibility for spawning an SSL or a non-SSL DataServer servers rests with the Probroker based on whether it was instantiated with an SSL or a non-SSL command line parameter. An SSL-enabled ProBroker can include the following startup parameters to customize the brokers use of certificates and key stores.
Table 33. DataServer connection parameters
Parameter
Description
-certstorepath
The path to the trusted certificate store.The root certificate for the certificate authority that was used to sign the server certificate should be specified by this path.
-keystorepath
Specifies the key store location.
-keyalias
Specifies the alias set for a private/public key. If this parameter is not provided, the server certificate alias that is provided by OpenEdge is used.
-keyaliaspasswd
Specifies the encoded password set for the alias of the private/public-key to access the server Private Key / Digital Certificate key store entry. You can use the OpenEdge provided genpassword utility for encoding your passwords
For example a Probroker can be started and customized in SSL mode as follows: