Understanding key store content
The OpenEdge key store maintains private keys and digital certificates for OpenEdge SSL servers in several locations. These include private keys and digital certificates that you have had authorized by a CA and imported for use by an SSL server, and private keys and public-key certificate requests that you have generated and that are pending authorization by a CA. You must manage this key store entirely with the pkiutil command-line utility. See Using pkiutil to manage an OpenEdge key store for additional information.
The key store resides in the OpenEdge-Install-Dir\keys directory. This directory contains the following files and subdirectories:
* alias.pem — Each file contains a single key store entry, created when you import a CA-authorized digital certificate. The entry joins the certificate, which contains the public key, with the private key that you generated along with the original public-key certificate request. Each file is named with the alias that you chose for the original private key and certificate request using the -newreq operation of pkiutil. The initial key store entry is the default OpenEdge entry default_server.pem, as authorized by the Progress Software Corporation CA. For more information on this default key store entry, see the sections on SSL in OpenEdge Getting Started: Core Business Services - Security and Auditing.
* policy — A subdirectory containing a pscpki.cnf configuration file. The pkiutil utility uses this file to control the process of generating new SSL server private/public keys and generating digital certificate requests that can be sent to a CA in order to obtain a public-key certificate for the OpenEdge SSL server. Initially, this is the only subdirectory.
* requests — A subdirectory containing all newly generated private keys and public-key certificate requests in the form of the following two files:
    * alias.pk1 — This file holds the PKCS #1-formatted, password-encrypted private key for the given key store alias entry.
    * alias.pk10 — This file holds the PKCS #10-formatted public-key certificate request that you send to a CA to obtain the SSL server's public-key certificate for the given key store alias entry.
* backup — A subdirectory containing any removed key store entries. The pkiutil utility removes an existing key store entry when you:
    * Explicitly remove it using the -remove operation of pkiutil.
    * Update an existing key store entry with a new digital certificate. You perform this operation when the previous public-key certificate has expired and you have applied to the CA for a renewed public-key certificate.
In all cases, pkiutil places removed key store entries in this directory in case you find it necessary to recover and use them again.
Note: Performing successive -remove or -import operations on the same key store entry repeatedly overwrites that entry in the backup subdirectory.
Caution: If you upgrade or uninstall OpenEdge, Progress Software Corporation recommends that you back up your current version of the OpenEdge key store directory tree (OpenEdge-Install-Dir\keys) to prevent losing valuable keys and certificates.
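The following Python script is an added example, not part of the OpenEdge documentation or tooling. It inventories a key store directory by the layout described above, flags aliases whose backup copy the next -remove or -import would overwrite, and archives the whole tree as the caution recommends. It assumes that file names in backup begin with the alias; build_sample creates a constructed tree of empty placeholder files.

```python
import shutil
import tempfile
import time
from pathlib import Path

def _stems(directory, pattern):
    """Alias names (text before the first dot) of matching files; empty if dir is absent."""
    if not directory.is_dir():
        return set()
    return {p.name.split(".")[0] for p in directory.glob(pattern) if p.is_file()}

def inventory(keys_dir):
    """Classify key store files by the layout the page describes."""
    keys = Path(keys_dir)
    installed = _stems(keys, "*.pem")
    pk1 = _stems(keys / "requests", "*.pk1")
    pk10 = _stems(keys / "requests", "*.pk10")
    backed_up = _stems(keys / "backup", "*")  # assumption: backup names start with the alias
    return {
        "installed": sorted(installed),
        "pending_requests": sorted(pk1 & pk10),
        "incomplete_requests": sorted(pk1 ^ pk10),  # key without request, or the reverse
        # The next -remove or -import on these aliases overwrites the backup copy.
        "backup_overwrite_risk": sorted(installed & backed_up),
    }

def snapshot(keys_dir, dest_dir):
    """Zip the whole key store tree; the archive holds private keys, so protect it alike."""
    base = Path(dest_dir) / ("keys-" + time.strftime("%Y%m%dT%H%M%S"))
    return Path(shutil.make_archive(str(base), "zip", root_dir=str(keys_dir)))

def build_sample(root):
    """Constructed sample tree (empty placeholder files, not real keys)."""
    keys = Path(root) / "keys"
    for sub in ("policy", "requests", "backup"):
        (keys / sub).mkdir(parents=True)
    for rel in ("default_server.pem", "appsrv.pem", "policy/pscpki.cnf",
                "requests/appsrv.pk1", "requests/appsrv.pk10",
                "requests/web.pk1", "backup/appsrv.pem"):
        (keys / rel).touch()
    return keys

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        keys = build_sample(tmp)
        for name, aliases in inventory(keys).items():
            print(f"{name}: {aliases}")
        print("archive:", snapshot(keys, tmp).name)
```

Run the inventory before a -remove or -import and copy aside any backup entry it flags, and take the archive before an upgrade or uninstall.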