Install a .p12 certificate into Progress 11.3 - Forum - OpenEdge General - Progress Community

Install a .p12 certificate into Progress 11.3

 Forum

Install a .p12 certificate into Progress 11.3

This question is answered

Hi everyone!

I'm having a problem with a certificate installation.

I already know how to install a .pem or .der certificate on Progress 11.3, but now I have a .p12 certificate (certificate with private key) and I don't know how to install it.

I'll apreciate so much every answer. Thanks!

Verified Answer
  • There can be a number of reasons why a SSL/TLS connection to a web server fails - certificates or keys being one of them.  I would not try guessing which one, or ones, is the problem.   It remains that OE 11.3 cannot use a .p12 file - so you are left with the problem of obtaining obtaining the .pem files OE 11.3 requires.  If the SOAP client will not provide enough information to troubleshoot the connection failure, then you need another client tool that will provide detailed connection error information.

    You might find it best to open a support case with OpenEdge Technical Support where they can go through the troubleshooting process with you.

All Replies
  • OpenEdge cannot use a .p12 (pkcs12) formatted key/certificate file.  It SSL/TLS enabled servers require a single .pem file, containing both the private key and its certificate, in the DLC/keys/ directory.   (the one exception is the PAS for OE servers in 11.5+, just to be clear)

    You can try the following manual (unix) steps to extract and format the key & certificate from the .p12 file.   (Windows will work the same way with corrected file paths and DLC variable name)  

    See if this works for you.   Note: you will be prompted for the passwords to the .p12 file and for encrypting the .pem private key.  

    $DLC/bin/sslc pkcs12 -in source-keystore.p12 -nocerts -out server-key.pem

    $DLC/bin/sslc pkcs12 -in source-keystore.p12 -clcerts -nokeys -out server-cert.pem

    cat server-key.pem server-cert.pem > $DLC/keys/server.perm

    Good luck!

  • Hi Michael! Thanks for the response!

    I tried that, but nothing.

    Anyway, looking into the Soap fault that I received from the WS, I'm watching that probably I'm not even doing the call to the web service as expected, due to the soap message is: "Unable to authenticate request (from client)", Regardless of whether I have installed the certificates or not.

    Also I may clarify that the XML request that I'm sending to the Web service is correct. (Checked with the WS provider)

  • Sorry by the discomfort, but you haven't idea what this issue are? It's like if Progress aren't viewing the certificates :/

  • There can be a number of reasons why a SSL/TLS connection to a web server fails - certificates or keys being one of them.  I would not try guessing which one, or ones, is the problem.   It remains that OE 11.3 cannot use a .p12 file - so you are left with the problem of obtaining obtaining the .pem files OE 11.3 requires.  If the SOAP client will not provide enough information to troubleshoot the connection failure, then you need another client tool that will provide detailed connection error information.

    You might find it best to open a support case with OpenEdge Technical Support where they can go through the troubleshooting process with you.

  • Oh, so one of the possible solutions would be require a certificate with .pem extension that replacing the .p12?

    Okay, I'll try that and update you soon. Thanks!

  • Hi Michael, there is imposible at the moment to get the official certificate in .pem format, due to that format don't accept a private key inside (I guest) but, it looks like a good solution that what you gave to me the other day. (first response), so I'm focus on that, but I can't make it work, did you have a complete steps to do that? Thanks!