Try OpenEdge Now
skip to main content
Installation and Configuration
Configuration : Managing OpenEdge Key and Certificate Stores : Managing certificate stores for OpenEdge clients and servers : Installing trusted CA/root certificates
Installing trusted CA/root certificates
To allow OpenEdge client access to an SSL server whose identity you need to verify, you must install the appropriate root digital certificate to authenticate that server. An SSL server can have its identity established from one of two basic sources:
*One of the trusted public CA root digital certificates distributed by Progress Software Corporation that includes RSA, Thawte, and Verisign
*A root digital certificate from an internal CA that you have set up on your own certificate server or from another external or public CA other than RSA, Thawte, or Verisign
OpenEdge automatically installs root certificates in the OpenEdge root certificate store from RSA, Thawte, and Verisign. However, if you use your own internal-use CA or a public CA other than these three, you must install the required root certificates yourself.
OpenEdge provides the following command-line utilities to install and manage root certificates in the OpenEdge certificate store:
*certutil — Installs, lists, and manages CA/root certificates from any CA as entries in the OpenEdge root certificate store, and manages the certificate store for the client and server. You can also remove certificate store entries using this utility. The utility moves all removed entries to a backup subdirectory of the root certificate store for future recovery and use.
Note: For .NET and Java Open Clients and Web service clients of OpenEdge application servers, you must use other utilities to manage the root certificate stores for those clients and servers. For more information, see OpenEdge Development: OPen Client Introduction and Programming.
*mkhashfile — Provides simple installation of PEM-encoded root certificates into the OpenEdge root certificate store from any CA, but provides no other management functions for the OpenEdge certificate store. You can use certutil for the additional root certificate management.
Note: Before you run an OpenEdge command-line utility, set the DLC environment variable to the OpenEdge-install-dir pathname and set the WRKDIR environment variable to your working directory. For an example, see the OpenEdge-install-dir/bin/certutil shell script on UNIX or the OpenEdge-install-dir\bin\certutil.bat file in Windows. Running the command-line utility in a Proenv command window properly sets DLC and WRKDIR for you.