1) Create a private key and an associated certificate request:
proenv> pkiutil -newreq test
The PEM passphrase you enter becomes the private key password. Remember it; it is needed again in step 5.
For the Common Name, specify the DNS hostname of your machine, for example hostname.domain.com. The SSL connection from the REST web application to the AppServer will fail if the Common Name of the certificate does not match the DNS hostname of the AppServer machine.
2) Use %DLC%\keys\requests\test.pk10 to request a new digital certificate from a Certificate Authority (CA).
For OpenEdge 11.7: The PEM file returned by the CA should contain only the signed certificate. If it contains the full certificate chain, the connection to WebSpeed or AppServer will fail. Check this with the CA if needed.
3) After you obtain the new digital certificate from the CA, import the certificate into the keystore:
proenv> pkiutil -import test newcert.pem
4) Obtain and import the root certificate of your CA into the OpenEdge client keystore (%DLC%\certs):
proenv> certutil -import root.pem
5) In ubroker.properties add the following entries:
[UBroker.WS.wsbroker1]
keyAlias=test
keyAliasPasswd=61607c736773646b6962
sslEnable=1
To generate the keyAliasPasswd value, run genpassword and specify the private key password:
proenv> genpassword -password 1234567890
61607c736773646b6962
Add the same entries to the AppServer section of ubroker.properties. Alternatively, use OpenEdge Explorer or the OpenEdge Management Console to configure the SSL properties.
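The OpenEdge 11.7 note in step 2 can be checked before running the import in step 3. The following Python script is an added example, not part of OpenEdge or of the original article; it inspects the structure of the PEM text returned by the CA and reports a certificate chain or any non-certificate block. The names inspect_ca_reply and fake_pem are hypothetical, the sample inputs are constructed placeholder bytes rather than real certificates, and the check is structural only (it does not verify signatures or the Common Name).

```python
import base64
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def inspect_ca_reply(pem_text):
    """Return (ok, findings) for the PEM text a CA sent back."""
    findings = []
    certs = 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            findings.append("unexpected block: " + label)
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append("certificate block is not valid base64")
            continue
        # A DER-encoded certificate always starts with a SEQUENCE tag (0x30).
        if not der.startswith(b"\x30"):
            findings.append("certificate block is not DER data")
            continue
        certs += 1
    if certs == 0:
        findings.append("no certificate found")
    elif certs > 1:
        findings.append("%d certificates found: file holds a chain" % certs)
    return (not findings, findings)


def fake_pem(label, payload):
    """Build a constructed PEM block (placeholder bytes, not a real certificate)."""
    b64 = base64.b64encode(payload).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed sample inputs.
SIGNED_ONLY = fake_pem("CERTIFICATE", b"\x30\x82\x01\x0aleaf")
FULL_CHAIN = SIGNED_ONLY + fake_pem("CERTIFICATE", b"\x30\x82\x01\x0aroot")

if __name__ == "__main__":
    for name, text in (("signed only", SIGNED_ONLY), ("full chain", FULL_CHAIN)):
        print(name, inspect_ca_reply(text))
```

To check a real file, read newcert.pem as text and pass its contents to inspect_ca_reply; an empty findings list means the file holds exactly one certificate block.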