Using the procertm utility
If you are using HTTPS for communications with a remote OpenEdge Management Trend Database, you use the demo keystore —
demoTrendTrustKeystore.zip
— to validate the SSL connection from the OpenEdge Management installations that are trending to a remote management console (the location of the OpenEdge Management Trend Database). The Digital Certificate that identifies the Certificate Authority who issued the remote management console's digital certificate must be in thedemoTrendTrustKeystore.zip
for the validation to succeed.The
demoTrendTrustKeystore.zip
file contains a number of trusted root digital certificates for an OpenEdge Management demo and common, public Certificate Authorities. It is not typically necessary for you to modify the file; however, thedemoTrendTrustKeystore.zip
file contains neither the digital certificate for every public Certificate Authority nor certificates for any privately run company Certificate Authority.You can obtain the distributed list of certificates by running the procertm utility and listing the contents of the
demoTrendTrustKeystore.zip
file certificate store. You can also use the procertm utility to add any Certificate Authority's root certificate to thedemoTrendTrustKeystore.zip,
if not already there.If the remote management console's issuing Certificate Authority is not already present, you must first follow these steps:
- Contact the CA who issued the management console's digital certificate and obtain the CA's trusted Root Digital Certificate. This may be returned in either PEM (
.0
,.txt
, or.pem
) or DER (.cer
or.crt
) format.- If the CA root digital certificate is in a PEM format (with a file extension of
.0
,.txt
, or.pem
), use the procertm tool to convert it to DER format (identified with a.cer
file extension).- Use the procertm tool to import the DER-formatted CA digital certificate into the
demoTrendTrustKeystore.zip
certificate store.Managing the trust keystore with procertm
You run the
procertm
utility from a command line using the following syntax:
Where:
The path to the digital certificate you want to import, export, or remove. This is used with thecert
-i
,-e
, and-r
options. When importing, the path is relative to the working directory. When exporting or removing digital certificates fromcert_store
, the path is the full digital certificate path specified incert_store
. Subdirectories should be specified with a forward slash (/). You can use multicharacter (*) and single-character (?) wildcards in thecert
filename and file extension.The path to thecert_store
zip
orjar
certificate store file. If the certificate store file does not exist, and you are importing digital certificates, a new file is created.When you run
procertm
, it performs the options in the following order:
- Imports any certificates specified with the
-i
option from the working directory intocert_store
. If a certificate is not found, a warning message displays.- Exports any certificates specified with the
-e
option fromcert_store
to the working directory. If a certificate is not found, a warning message displays.- Removes any certificates specified with the
-r
option fromcert_store
. If a certificate is not found, a warning message displays.- Shows the resulting
cert_store
file contents, if the-l
option is specified.- Prints any digital certificate list information, if the
-p
option is specified.You can provide the following options in any combination and in any order:
Prints verbose information about the progress of the digital certificate's import and export. When used with-v
-l
, additional digital certificate field information is printed.Lists the contents of the-l
cert_store
file after all import, export, and remove operations are completed.Prints the digital certificate list the-p
cert_store
contents to the filecert_store.dcl
, after all import, export and remove operations are completed.Imports certificate file(s) matching-i
cert
cert
tocert_store
from the working directory. Thecert_store
file is created as required. You can specify this option multiple times. See the definition ofcert
.Exports the certificate file(s) matching-e cert
cert
fromcert_store
to the working directory. Any subdirectories are created if required. You can specify this option multiple times. See the definition ofcert
.Removes the certificate file(s) matching-r cert
cert
fromcert_store
. You can specify this option multiple times. See the definition ofcert
.Sets the working directory path where certificates are imported from or exported to. The default is the current working directory.-d
Converting digital certificates with procertm
You can use the procertm utility to convert digital certificates between
.DER
and.PEM
file formats. To convert files from one file format to the other, use the following command line syntax:
Where:
The digital certificate whose file format you want to convert.in_cert
The file format to which you want to convert the digital certificate. Procertm performs the conversion based on the file-extension type. For example, ifout_cert
in_cert
has a file extension type of.crt
andout_cert
has a file extension type of.pem
,in_cert
is converted from.der
to.pem
format and written to the fileout_cert
.
Copyright © 2008 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |