OpenEdge ships a small set of root digital certificates from leading industry Certificate Authorities (CAs), with the Open Client Toolkit. These digital certificates may be used during development and for redistribution with your Open Client application.
Most likely, there will be times when you need to manage digital certificates. It may be necessary to add, remove, or update the (root) digital certificates contained in the JAR files. For example:
You might want to use a digital certificate from a Certificate Authority not included with the set in OpenEdge.
A digital certificate expires, and you might need to replace it with a newer version.
You might want to create your own set of certificates, using only those certificates you know your application will use.
You may want to customize your own JAR file with only your own selection of digital certificates.
The Web Server hosting the AIA may be using a digital certificate issued by a private Certificate Authority whose (root) digital certificate is not distributed with OpenEdge.
The certificate files included with the Open Client Toolkit are stored in .zip and .jar files called certificate store files, in the DLC/certs directory. For more information, see the sections on certificate store management in OpenEdge Development: Open Client Introduction and Programming.
Each certificate store file holds several individual root digital certificates and contains one digital certificate list (.dcl file) that lists all certificate files stored in the file. The individual certificates have one of the following formats:
DER — These file types have extensions of .cer and .crt. There is no difference between these types. One file stores one binary certificate.
PEM — These file types have extensions of .pem, .txt, and .0. There is no difference between these types. One file stores one or more certificates.
To help you view and manage digital certificates, OpenEdge provides a certificate management tool (procertm). The procertm utility runs in Windows and on UNIX platforms and lets you import, export, and remove certificates to and from .jar and .zip files. You also can use this tool to convert digital certificates file formats.
You might want to use a digital certificate from a Certificate Authority not included with the set in OpenEdge.