Note: Using a sef-signed cert is only recommended for development environments. For a production environment, the default SSL Server Certificate must be replaced with a fully qualified certificate from a Certificate Authority (CA).
On 12.x the AdminServer and fathom (OEM web interface) were separated, and configuration files were relocated.
1) Open a proenv session
2) cd to the OEM config directory
Prior to 12.x:
cd <OEMGMT>\config
12.x+:
cd <OEMGMT>\conf\
3) (Non-production environments) - Create a selfsigned certificate and keystore using the Java Keytool in the DLC\jdk\bin directory.
Example:
<DLC>\jdk\bin\keytool -genkey -keyalg RSA -alias selfsigned -keystore mykeystore.jks
-storepass password -validity 1001 -keysize 2048
In this example the alias name is selfsigned and the keystore name is mykeystore.jks the keystore password is password.
4)Export the selfsigned cert generated in step 3
Example:
<DLC>\jdk\bin\keytool -export -alias selfsigned -file selfsigned.crt -keystore mykeystore.jks
If using a cert from a CA(recommended):
keytool -import -alias <alias name> -file <Cert from CA>.crt -keystore <Keystore name>.jks
12.x+:
Convert the jks keystore to p12 format:
keytool -importkeystore -srckeystore <source>.jks -destkeystore <destination>.p12 -deststoretype PKCS12
5) Start the AdminServer
Example:
proadsv -start
Or via Windows services.
6) Use a browser to access the OEM interface on the default port of 9090.
7) Click on the cogwheel button located in the upper right section of the OpenEdge Management / Explorer interface.
8) Click on the link for "Web Server Configuration" located in the left pane of the screen.
9) Click on the Advanced Options button
10) Change the https port if desired and note the port number for later use.
11) Change the Keystore path name to the file generated in step 3.
Example:
Prior to 12.x:
<OEMGMT>\config\mykeystore.jks
12.x+:
<OEMGMT>\conf\mykeystore.12
12) Change the Keystore pass phrase to what was used in step 3.
13) Change the alias to the alias name used in step 3.
Example:
selfsigned
14) Change the alias pass phrase to the pass phrase used in step 3.
Example using the word password:
********
15) Set the trusted clients (if desired) to those machines that the AdminServer will accept connections from.
16) Click on the submit button at the top of this screen.
NOTE: It should indicate that the configuration has been accepted and successfully updated.
It will restart the Fathom / OpenEdge Management webserver component and start it on the port defined in step 10.
17) Open the preferred Web Browser. Follow the necessary instructions to import a certificate chan into the browser (this will vary between browsers and is outside the scope of this document).
18) After the certificate is imported into the browser it will be possible to connect to the OpenEdge Management / OpenEdge Explorer on the port specified.
Example:
https://localhost:9443
