Release 10.1A: OpenEdge Getting Started:
Installation and Configuration

Using genpassword to obtain a key store
password-encrypted value

When you must configure an OpenEdge SSL server by manually editing the ubroker.properties file, or for the OpenEdge RDMS when you start up the database server to enable SSL connections, you must specify the password to allow access to the required private-key alias. The value you specify is available to anyone who can read the file or command line where you enter it. In order to prevent access to this password by unauthorized users, you must specify an encrypted form of the password that is equivalent to the password itself.

Note: You must also provide the encrypted form of the password ("password") for the default_server alias. In the Progress Explorer, when you configure an SSL server with the default_server alias, OpenEdge automatically provides the encrypted form of this password.

OpenEdge provides the genpassword command-line utility that you can use to obtain the encoded and encrypted form for the real password.

For example, when the following code is executed in the OpenEdge Proenv command window, you can generate an encrypted value for a password whose value is "topsecret":

proenv>genpassword -password topsecret 243d3f343726213624 proenv>

Later, to verify that an existing encrypted value matches the real password value, you can run genpassword, as follows:

proenv>genpassword -password topsecret -verify 243d3f343726213624 The passwords match. proenv>

For more information on the options of the genpassword command-line utility, see Appendix C "Command and Utility Reference."