Create and deploy a certificate for HTTPS with the OpenEdge Authentication Gateway Server
The OpenEdge Authentication Gateway server is accessed by encrypted HTTPS calls.
Use the following steps to create and deploy a certificate for HTTPS with OpenEdge Authentication Gateway Server:
1. Create a valid certificate using the pkiutil utility. See OpenEdge Getting Started: Installation and Configuration for details and complete syntax.
The result of running pkiutil is:
Certificate Authority certificate (CA.cer)
Public certificate (name.cer)
PEM file (name.pem)
2. Import the certificates for use by OpenEdge executables using certutil, which places hash files in the appropriate %DLC% directory, as shown:
Run:
certutil import CA.cer
This creates a %DLC%/certs/hashfile.0
Run:
certutil import name.cer
This creates a %DLC%/certs/hashfile.0
Copy name.pem to %DLC%/keys
Repeat this step on all database installations accessing the OpenEdge Authentication Gateway server.
3. Change the keystore for the OpenEdge Authentication Gateway server to use the new certificate, as follows:
a. Save the current keystore to a backup. For example:
mv tomcat-keystore.p12 tomcat-keystore.p12.orig
b. Create a new keystore. For example:
sslc pkcs12 -export -in %DLC%/keys/name-systest.pem -out tomcat-keystore.p12 -name ux-systest
You will be prompted for:
Pass phrase for the .pem file
Export password
Verification of export password
c. Verify the keystore. For example:
keytool -list -v -keystore tomcat-keystore.p12 -storetype pkcs12
4. Modify the OpenEdge Authentication Gateway Server to load the new keystore using the tcman config utility. For example:
tcman config psc.as.https.keypass=password
tcman config psc.as.https.keyalias=name
5. Restart the OpenEdge Authentication Gateway Server.
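A check that can sit between steps 3c and 4, as an added example that is not part of the original documentation: it reads a keytool -list -v listing and confirms that the alias you are about to set in psc.as.https.keyalias exists in the keystore as a private-key entry. The function names and the sample listing are constructed for illustration, and aliases are compared case-insensitively here.

```shell
#!/bin/sh
# Added example (not OpenEdge code): check a `keytool -list -v` listing
# for a private-key entry stored under a given alias.

# check_key_alias ALIAS   (reads the keytool listing on stdin)
# Exit status: 0 = alias found and it is a PrivateKeyEntry
#              1 = alias not found in the listing
#              2 = alias found but it is not a private-key entry
check_key_alias() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        /^Alias name:/ {
            sub(/^Alias name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            cur = tolower($0)            # alias of the entry being read
        }
        /^Entry type:/ && cur == want {
            sub(/^Entry type:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            rc = ($0 == "PrivateKeyEntry") ? 0 : 2
        }
        END { exit rc }
    '
}

# verify_keystore FILE ALIAS
# Runs the step 3c command and checks its output; keytool prompts for
# the export password chosen in step 3b.
verify_keystore() {
    keytool -list -v -keystore "$1" -storetype pkcs12 | check_key_alias "$2"
}

# Constructed sample of keytool output, trimmed to the fields that matter.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: ux-systest
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1'
```

For example, verify_keystore tomcat-keystore.p12 ux-systest returns 0 only when that alias holds a private key, so a mismatch between the -name value in step 3b and the keyalias in step 4 shows up before the restart in step 5.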