Release 10.1A: OpenEdge Getting Started:
Installation and Configuration

pkiutil

Provides all of the functions necessary to create and manage key store entries for OpenEdge SSL servers. It creates these entries from pairs of private keys and digital certificates that it stores in the OpenEdge server key store (located in OpenEdge-Install-Dir\keys).

Note: You must submit a public-key certificate request that is generated for each new key store entry that you want to create with this utility to a Certification Authority (CA). The CA then returns the necessary server (public-key) certificate for you to import and complete creation of the new key store entry.

Operating system	Syntax
UNIX Windows	pkiutil [ -brief | -verbose ]   {   [ -format { DER | PEM } ] -display cert-file     | [ -format { DER | PEM } ] -import alias cert-file     | -list [ alias ... ]     | [ -keysize size ] -newreq alias     | -print alias     | -remove alias ...   }

-brief

Provides less information or as specified for the function.

-verbose

Provides more information or as specified for the function.

-format { DER | PEM }

Specifies the certificate format for the -import and -display functions. The default input format for a certificate is Privacy Enhanced Mail (PEM). Because some CAs issue public-key certificates in a binary format (DER) you must specify -format DER to import these certificates.

-display cert-file

Displays the digital certificate file information contained in the operating system disk file, cert-file. You must specify cert-file as a fully qualified operating system file pathname. The -verbose option displays complete certificate information, and the -brief option displays less certificate information for each key store entry.

-import alias cert-file

Imports a CA-issued SSL server digital (public-key) certificate from the disk file, cert-file, pairs it with the -newreq-generated private key identified by the specified alias name (alias), and places the pair in the key store as a new entry identified by alias. The function prompts for the same password used to generate the public-key certificate request for this entry.

-list [ alias ... ]

Displays a list of key store entries identified by each alias name (alias). You can specify multiple aliases, but you cannot use wild cards. If you specify no alias, pkiutil displays all entries in the key store. The -verbose option displays complete certificate information, and the -brief option displays less certificate information per key store entry.

[ -keysize size ] -newreq alias

Generates a new private/public-key pair and a corresponding public-key certificate request (suitable for submission to a CA), stored under the alias name specified by alias, and placed in the OpenEdge-Install-Dir\keys\requests directory.

You must specify an alias name between 1 and 39 characters long and use only the following characters:

“0” to “9”
“a” to “z”
“A” to “Z”
“_” and “-”
Note: The character “-” cannot be used as the first character.

The function prompts for a password with a minimum of four characters using any printable ASCII character. You must use this same password to later create and allow access to the key store entry generated from this certificate request.

When pkiutil generates the keys and certificate request for this function, by default it generates keys using the RSA asymmetric encryption algorithm with a 1024-bit key size. If you require a different key size, you can specify the number of bits to generate using the -keysize option (valid key sizes must be 512, 1024, or 2048 bits).

-print alias

Displays the public-key certificate request identified by alias.

-remove alias ...

Removes one or more entries from the key store that you specify by their alias. You cannot use wild cards. Moves each specified key store entry into the backup subdirectory of the key store and overwrites any key store entry previously stored in the backup subdirectory with the same alias.