Release 10.1A: OpenEdge Getting Started:
Installation and Configuration

Managing key stores for OpenEdge servers

You can manage the private keys and corresponding digital certificates for OpenEdge servers that support SSL connections using a key store located in the OpenEdge-Install-Dir\keys directory. Each SSL server requires at least one key store entry that contains a single private key and corresponding digital (public-key) certificate. With this key store entry, you can configure any supported OpenEdge server to enable and manage SSL connection from clients. For more information on the OpenEdge servers that support SSL server configuration, see the sections on the OpenEdge-supported SSL server components described in OpenEdge Getting Started: Core Business Services .

If you require only data encryption and do not need to verify the identity of SSL servers (typically, for intranet configurations only), OpenEdge comes installed with a default key store entry. This default entry contains a common private key and digital certificate pair that you can use without any further management beyond enabling SSL connections on OpenEdge clients and servers. For more information on the default SSL server identity, see the sections on SSL in OpenEdge in OpenEdge Getting Started: Core Business Services .

However, to establish a trusted OpenEdge SSL server identity suitable for use on the Internet or a more secure intranet, you must complete several steps using the functions of the pkiutil command-line utility installed with OpenEdge.

Notes: Before you run an OpenEdge command-line utility, set the DLC environment variable to the OpenEdge_Installation pathname and set the WRKDIR environment variable to your working directory. For an example, see the OpenEdge_Installation/bin/pkiutil shell script on UNIX or the OpenEdge_Installation\bin\pkiutil.bat file in Windows.

Running the command-line utility in a Proenv command window properly sets DLC and WRKDIR for you.