The OpenEdge key store maintains private keys and digital certificates for OpenEdge SSL servers in several locations. These include private keys and digital certificates that you have had authorized by a CA and imported for use by an SSL server, and private keys and public-key certificate requests that you have generated and that are pending authorization by a CA. You must manage this key store entirely with the pkiutil command-line utility. See Using pkiutil to manage an OpenEdge key store for additional information.
The key store resides in the OpenEdge-Install-Dir\keys directory. This directory contains the following files and subdirectories:
alias.pem — Files that each contain a single key store entry. You create an entry by importing a CA-authorized digital certificate; the entry joins that certificate, which contains the public key, with the private key that you generated along with the original public-key certificate request. Each file is named with the alias that you chose for the original private key and certificate request using the -newreq operation of pkiutil. The initial key store entry is the default OpenEdge entry default_server.pem, as authorized by the Progress Software Corporation CA. For more information on this default key store entry, see the sections on SSL in OpenEdge Getting Started: Core Business Services - Security and Auditing.
policy — A subdirectory containing a pscpki.cnf configuration file. The pkiutil utility uses this file to control the process of generating new SSL server private/public keys and generating digital certificate requests that can be sent to a CA in order to obtain a public-key certificate for the OpenEdge SSL server. Initially, this is the only subdirectory.
requests — A subdirectory containing all newly generated private keys and public-key certificate requests in the form of the following two files:
    alias.pk1 — This file holds the PKCS #1-formatted, password-encrypted, private key for the given key store alias entry.
    alias.pk10 — This file holds the PKCS #10-formatted public-key certificate request that you send to a CA to obtain the SSL server's public-key certificate for the given key store alias entry.
backup — A subdirectory containing any removed key store entries. The pkiutil utility removes an existing key store entry when you:
    Explicitly remove it using the -remove operation of pkiutil.
    Update an existing key store entry with a new digital certificate. You will perform this operation when the previous public-key certificate has expired and you have applied to the CA for a renewed public-key certificate.
In all cases, pkiutil places removed key store entries in this directory in case you find it necessary to recover and use them again.
Note: Performing successive -remove or -import operations on the same key store entry repeatedly overwrites that entry in the backup subdirectory.
Caution: If you upgrade or uninstall OpenEdge, Progress Software Corporation recommends that you back up your current version of the OpenEdge key store directory tree (OpenEdge-Install-Dir\keys) to prevent losing valuable keys and certificates.
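The directory layout described above can be checked with a read-only inventory. The following Python sketch is an added example, not part of OpenEdge or pkiutil: it lists active entries, pending requests, requests missing one of their two files, and backup contents. The function name inventory_keystore, the sample aliases, and the POSIX permission check (key-bearing files should not be accessible to group or other) are assumptions of this example.

```python
import os, stat, tempfile
from pathlib import Path

def inventory_keystore(keys_dir):
    """Inventory a key store tree laid out as this page describes (read-only)."""
    root = Path(keys_dir)
    req, bak = root / "requests", root / "backup"
    # Active entries are the alias.pem files directly under keys/.
    entries = sorted(p.stem for p in root.glob("*.pem"))
    # A pending request should have both halves: alias.pk1 and alias.pk10.
    pk1 = {p.stem for p in req.glob("*.pk1")} if req.is_dir() else set()
    pk10 = {p.stem for p in req.glob("*.pk10")} if req.is_dir() else set()
    # backup/ holds only the latest removed copy per entry, so list what is there.
    backup = sorted(p.name for p in bak.iterdir()) if bak.is_dir() else []
    # Assumption: on POSIX hosts, files holding private keys should not be
    # accessible to group or other. Windows ACLs are not inspected here.
    loose = []
    if os.name == "posix":
        for p in root.rglob("*"):
            if p.is_file() and p.suffix in (".pem", ".pk1"):
                if p.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                    loose.append(p.relative_to(root).as_posix())
    return {"entries": entries, "pending": sorted(pk1 & pk10),
            "unpaired": sorted(pk1 ^ pk10), "backup": backup,
            "loose_perms": sorted(loose)}

if __name__ == "__main__":
    # Constructed sample tree; the aliases web1, web2 and old are made up.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for sub in ("policy", "requests", "backup"):
            (root / sub).mkdir()
        for rel, mode in (("default_server.pem", 0o600),
                          ("requests/web1.pk1", 0o644),
                          ("requests/web1.pk10", 0o644),
                          ("requests/web2.pk10", 0o644),
                          ("backup/old.pem", 0o600)):
            (root / rel).write_text("placeholder, not real key material\n")
            os.chmod(root / rel, mode)
        for key, value in inventory_keystore(d).items():
            print(f"{key}: {value}")
```

The script only reads the tree; changes to the key store still go through pkiutil.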