Using mkhashfile to install root certificates in the OpenEdge root certificate store

The mkhashfile command-line utility provides a simple way to install a root certificate that is authorized by your own internal-use CA, or any CA that can provide you with a PEM-encoded certificate (typically in a file named with the .pem extension). If you are using your own certificate server to provide the certificate, refer to the documentation for the certificate server administration software for information on how to obtain PEM-encoded certificates. Once you have the certificate accessible to your OpenEdge SSL client machine, you can use the mkhashfile command-line utility to install it in the OpenEdge root certificate store.

Note: If the root certificate is not a PEM-encoded certificate, it is recommended that you use the certutil command-line utility, specifying the format option. For details about the certutil command-line utility and all its options and functions, see the detailed syntax information for the certutil command listed in Commandand Utility Reference

To use mkhashfile to create an entry in the OpenEdge root certificate store for a local PEM-encoded certificate file, vsigntca.pem, specify the file with the mkhashfile command that you enter in the OpenEdge Proenv command window. For example:

proenv>mkhashfile vsigntca.pem

OpenEdge Release 11.4 as of Fri Oct 14 00:15:12 EST 2011

Running SSLC command ...
Copying vsigntca.pem and 18d46017.0 to C:\Progress\OpenEdge\certs
proenv>

The utility generates the entry as a file with an encrypted filename, 18d46017.0, which is the alias used to identify the certificate store entry. You can then manage this entry along with all other entries in the OpenEdge certificate store using the certutil utility. For more information see Using certutil to manage an OpenEdge root certificate store.