Configuring clients for SSL/TLS

In OpenEdge, you can use the certutil command to create the files that supply the necessary keys for connecting to clients.

To generate the key files and copy them to a server:

1. On a PROENV command line, change your working directory to the OpenEdge-Install-Dir\keys\requests.

This should be the directory where you copied the SSL/TLS certificates, which is described in Obtaining a certificate from a Certificate Authority.

2. Run certutil to import both the public and private SSL/TLS certificates to the OpenEdge-Install-Dir\certs directory.

The following is an example with certificates named MyCertPriv.cer and MyCertPub.cer in the C:\Progress\OpenEdge\keys\requests directory:

proenv> certutil -import C:\Progress\OpenEdge\keys\requests\MyCertPriv.cer
Importing trusted certificate to alias name: 9792edd3

proenv> certutil -import C:\Progress\OpenEdge\keys\requests\MyCertPub.cer
Importing trusted certificate to alias name: 22c9eb58

The -import parameter requires the fully qualified pathname of the certificate file.

The key file alias names are exactly eight hexadecimal characters in length and have a .0 (dot-zero) file extension. However, keep in mind that your files will not have the same filenames that are shown in this example.

3. Verify that the key files created in the previous step exist in the OpenEdge-Install-Dir\certs directory.

4. Copy the key files to the client.

Every client that will connect to the server must have a copy of the key file that was generated by the import.

5. Test the client.