Using the procertm utility

If you are using HTTPS for communications with a remote OpenEdge Management Trend Database, you use the demo keystore — demoTrendTrustKeystore.zip — to validate the SSL connection from the OpenEdge Management installations that are trending to a remote management console (the location of the OpenEdge Management Trend Database). The Digital Certificate that identifies the Certificate Authority who issued the remote management console's digital certificate must be in the demoTrendTrustKeystore.zip for the validation to succeed.

The demoTrendTrustKeystore.zip file contains a number of trusted root digital certificates for an OpenEdge Management demo and common, public Certificate Authorities. It is not typically necessary for you to modify the file; however, the demoTrendTrustKeystore.zip file contains neither the digital certificate for every public Certificate Authority nor certificates for any privately run company Certificate Authority.

You can obtain the distributed list of certificates by running the procertm utility and listing the contents of the demoTrendTrustKeystore.zip file certificate store. You can also use the procertm utility to add any Certificate Authority's root certificate to the demoTrendTrustKeystore.zip, if not already there.

If the remote management console's issuing Certificate Authority is not already present, you must first follow these steps:

  1. Contact the CA who issued the management console's digital certificate and obtain the CA's trusted Root Digital Certificate. This may be returned in either PEM (.0, .txt, or .pem) or DER (.cer or .crt) format.
  2. If the CA root digital certificate is in a PEM format (with a file extension of .0, .txt, or .pem), use the procertm tool to convert it to DER format (identified with a.cer file extension).
  3. Use the procertm tool to import the DER-formatted CA digital certificate into the demoTrendTrustKeystore.zip certificate store.
Managing the trust keystore with procertm

You run the procertm utility from a command line using the following syntax:

Syntax
procertm [options] cert_store 

Where:

When you run procertm, it performs the options in the following order:

  1. Imports any certificates specified with the -i option from the working directory into cert_store. If a certificate is not found, a warning message displays.
  2. Exports any certificates specified with the -e option from cert_store to the working directory. If a certificate is not found, a warning message displays.
  3. Removes any certificates specified with the -r option from cert_store. If a certificate is not found, a warning message displays.
  4. Shows the resulting cert_store file contents, if the -l option is specified.
  5. Prints any digital certificate list information, if the -p option is specified.

You can provide the following options in any combination and in any order:

Converting digital certificates with procertm

You can use the procertm utility to convert digital certificates between .DER and .PEM file formats. To convert files from one file format to the other, use the following command line syntax:

Syntax
procertm -c in_cert out_cert 

Where:


Copyright © 2008 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095