Before you obtain a digital certificate, you must create a keystore repository to hold the identity and CA certificates. Creating a keystore repository will also put a self-signed certificate and key pair into the store.
Note: For improved readability of the command-line samples in this document, each command-line option appears in its own line. However, you must actually type the command as one continuous string, without including any return characters.
To create the repository, type the following command all on one line:
Creates the public/private key pair and wraps the public key into a self-signed certificate.
-dname
Defines the distinguished name string that identifies your site, as described in the following table.
Table 7. Distinguished name string components
Component
Description
CN
The common name, which is typically the host name for the system. (If you do not type the host name, you will get an alert from the browser.)
OU
The name of your organization or department.
O
The name of your company.
L
The name of your city.
S
The name of your state.
C
The name of your country.
-alias
A value that identifies a specific certificate/key pair. You must provide a unique alias for each certificate/key pair in a keystore. In the example shown here, the alias is Acme.
-keypass
A password that you will use to access a specific certificate/key pair. In the example shown here, the keypass is coyote.
-keystore
The full path (relative to the OpenEdge Management or OpenEdge Explorer install directory) and the name of the keystore file you want to create.
In the example shown earlier in this section, myIdentityKeystore.jks is the repository name. If the keystore file were located in the default location for OpenEdge Management, for example, it would be in the Progress\oemgmt\config directory.
-storepass
A password for the keystore file. In the example shown here, the storepass is roadrunner.
-validity
The length of time, in days, that the certificate can be used. The default is 90 days.
-keyalg
The algorithm being used to create the certificate signature.
Use this option to override the default value of dsa by specifying rsa, which is the default used by the Jetty Web server and required by Internet Explorer and Netscape.
-keysize
The default key size of 1024; other values include 512 and 2048.
A sample of creating a keystore appears in the following figure.
Figure 14. Creating a keystore
This sample command accomplishes the following:
Generates a public/private key pair for the entity whose distinguished name (DN) has a common name (CN) of mypc, the organizational unit (OU) Dev, the company (O) Acmeco, the city (L) Tucson, the state (S) AZ, and the country (C) US.
Establishes that the certificate is valid for 90 days and is associated with the private key in a keystore entry referred to by the alias Acme.
Assigns to the private key the keypass (password) coyote.
Creates the keystore named myIdentityKeystore in the Progress\oemgmt\config directory, which is the default location for an installation of OpenEdge Management.
Assigns to the keystore the storepass (password) roadrunner.
Uses the rsa key-generation algorithm to create the keys.
Establishes the size for each key as 1024.
Creates a self-signed certificate that includes the public key and the distinguished name details.
Note that if you choose not to type the entire command, you can begin by typing only the -genkey command. The utility then prompts you for each of the subsequent pieces of information.