You can manage the private keys and the corresponding digital certificates for OpenEdge servers that support SSL connections using a key store located in the OpenEdge-Install-Dir\keys directory. Each SSL server requires at least one key store entry that contains a single private key and corresponding digital (public-key) certificate. With this key store entry, you can configure any supported OpenEdge server to enable and manage SSL connections from clients. For more information on the OpenEdge servers that support SSL server configuration, see the sections on the OpenEdge-supported SSL server components described in OpenEdge Getting Started: Core Business Services - Security and Auditing.
If you require only data encryption and do not need to verify the identity of SSL servers (typically, for intranet configurations only), OpenEdge comes installed with a default key store entry. This default entry contains a common private key and digital certificate pair that you can use without any further management beyond enabling SSL connections on OpenEdge clients and servers. For more information on the default SSL server identity, see the sections on SSL in OpenEdge Getting Started: Core Business Services - Security and Auditing.
However, to establish a trusted OpenEdge SSL server identity suitable for use on the Internet or a more secure intranet, you must complete several steps using the functions of the pkiutil and certutil command-line utilities installed with OpenEdge.
Note: Before you run an OpenEdge command-line utility, set the DLC environment variable to the OpenEdge-Install-Dir pathname and set the WRKDIR environment variable to your working directory. For an example, see the OpenEdge-Install-Dir/bin/pkiutil shell script on UNIX or the OpenEdge-Install-Dir\bin\pkiutil.bat file in Windows.
Running the command-line utility in a Proenv command window properly sets DLC and WRKDIR for you.
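The prerequisites in the note above, written as a preflight check for UNIX. This is an added example, not part of the OpenEdge documentation or tooling: the function name, the return codes, and the world-writable check on the key store are assumptions of this example, while the `$DLC/keys` and `$DLC/bin/pkiutil` locations come from the text.

```shell
#!/bin/sh
# Added example (not OpenEdge code): verify the environment before running
# pkiutil or certutil outside a Proenv window.
# Hypothetical return codes:
#   0 = ready, 1 = DLC invalid, 2 = WRKDIR invalid,
#   3 = pkiutil script missing, 4 = key store directory missing,
#   5 = key store contains world-writable entries
openedge_pki_preflight() {
    # DLC must point at the OpenEdge installation directory.
    if [ -z "${DLC:-}" ] || [ ! -d "$DLC" ]; then
        echo "DLC is not set to an existing directory" >&2
        return 1
    fi
    # WRKDIR must be an existing directory the current user can write to.
    if [ -z "${WRKDIR:-}" ] || [ ! -d "$WRKDIR" ] || [ ! -w "$WRKDIR" ]; then
        echo "WRKDIR is not set to a writable directory" >&2
        return 2
    fi
    # The utility wrapper script lives under the install directory.
    if [ ! -f "$DLC/bin/pkiutil" ]; then
        echo "pkiutil not found under $DLC/bin" >&2
        return 3
    fi
    # The key store holds the server private keys and certificates.
    if [ ! -d "$DLC/keys" ]; then
        echo "key store directory $DLC/keys not found" >&2
        return 4
    fi
    # Assumption of this example: nothing in the key store should be
    # writable by other users, since it backs the server's SSL identity.
    loose=$(find "$DLC/keys" ! -type l -perm -002 -print 2>/dev/null | head -n 1)
    if [ -n "$loose" ]; then
        echo "world-writable key store entry: $loose" >&2
        return 5
    fi
    return 0
}
```

Source the file and call `openedge_pki_preflight` before invoking either utility; a non-zero status identifies which prerequisite is missing.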