OpenEdge Getting Started: Installation and Configuration - Product ...

More documents

Recommendations

Info

Chapter 9: Managing OpenEdge Key and Certificate Stores function arguments One of the following functions (function) and the objects they affect (arguments): • -newreq alias — Generates a new private/public-key pair and a corresponding public-key certificate request (suitable for submission to a CA), stored under the alias name specified by alias • -import alias cert-file — Imports a CA-issued SSL server digital (public-key) certificate from the disk file cert-file, pairs it with the private key generated for a public key request identified by the alias name alias, and places the pair in the key store as a new entry identified by alias • -print alias — Displays the public-key certificate request identified by alias. • -list [ alias ... ] — Displays a list of specified (alias) or all current key store entries • -display cert-file — Displays the digital certificate file information contained in the operating system disk file cert-file • -remove alias ... — Removes one or more specified (alias) key store entries For complete information on the options and functions of the pkiutil command-line utility, see Appendix C, “Command and Utility Reference.” Understanding key store content The OpenEdge key store maintains private keys and digital certificates for OpenEdge SSL servers in several locations. These include private keys and digital certificates that you have authorized by a CA and imported for use by an SSL server, and private keys and public-key certificate requests that you generate and have pending for authorization by a CA. You must manage this key store entirely with the pkiutil command-line utility. See the “Using pkiutil to manage an OpenEdge key store” section on page 263 for additional information. The key store resides in the OpenEdge-Install-Dir\keys directory. This directory contains the following files and subdirectories: • alias.pem — Files containing a single key store entry that you have created from an imported CA-authorized digital certificate that contains the public key joined with the private key that you generated along with the original public-key certificate request. Each file is named with the alias that you chose for the original private key and certificate request using the -newreq operation of pkiutil. The initial key store entry is the default OpenEdge entry default_server.pem, as authorized by the Progress Software Corporation CA. For more information on this default key store entry, see the sections on SSL in OpenEdge Getting Started: Core Business Services - Security and Auditing. • policy — A subdirectory containing a pscpki.cnf configuration file. The pkiutil utility uses this file to control the process of generating new SSL server private/public keys and generating digital certificate requests that can be sent to a 264 OpenEdge Getting Started: Installation and Configuration
Managing key stores for OpenEdge servers CA in order to obtain a public-key certificate for the OpenEdge SSL server. Initially, this is the only subdirectory. • requests — A subdirectory containing all newly generated private keys and public-key certificate requests in the form of the following two files: – alias.pk1 — This file holds the PKCS #1-formatted, password-encrypted, private key for the given key store alias entry. – alias.pk10 — This file holds the PKCS #10-formatted public-key certificate request that you send to a CA to obtain the SSL server’s public-key certificate for the given key store alias entry. • backup — A subdirectory containing any removed key store entries. The pkiutil utility removes an existing key store entry when you: – Explicitly remove it using the -remove operation of pkiutil. – Update an existing key store entry with a new digital certificate. You will perform this operation when the previous public-key certificate has expired and you have applied to the CA for a renewed public-key certificate. In all cases, pkiutil places removed key store entries in this directory in case you find it necessary to recover and use them again. Note: Performing successive -remove or -import operations on the same key store entry repeatedly overwrites that entry in the backup subdirectory. Caution: If you upgrade or uninstall OpenEdge, Progress Software Corporation recommends that you back up your current version of the OpenEdge key store directory tree (OpenEdge-Install-Dir\keys) to prevent losing valuable keys and certificates. Using genpassword to obtain a key store password-encrypted value When you must configure an OpenEdge SSL server by manually editing the ubroker.properties file, or for the OpenEdge RDMS when you start up the database server to enable SSL connections, you must specify the password to allow access to the required private-key alias. The value you specify is available to anyone who can read the file or command line where you enter it. In order to prevent access to this password by unauthorized users, you must specify an encrypted form of the password that is equivalent to the password itself. Note: You must also provide the encrypted form of the password ("password") for the default_server alias. In OpenEdge Management or OpenEdge Explorer, when you configure an SSL server with the default_server alias, OpenEdge automatically provides the encrypted form of this password. OpenEdge Getting Started: Installation and Configuration 265
Page 1 and 2:
® ® PROGRESS® OPENEDGE® OpenEdg
Page 3 and 4:
Document Revision History Document
Page 5 and 6:
Contents Preface . . . . . . . . .
Page 7 and 8:
Contents Running the Progress Dynam
Page 9 and 10:
Contents AdminServer considerations
Page 11 and 12:
Contents Starting applications on a
Page 13 and 14:
Contents Character set, date, and n
Page 15 and 16:
Tables Contents Table 1: Windows sy
Page 17 and 18:
Contents Table 109: OpenEdge Develo
Page 19 and 20:
Preface This Preface contains the f
Page 21 and 22:
Chapter 4, “Performing an OpenEdg
Page 23 and 24:
Installation planning and performin
Page 25 and 26:
Preface Fixed-width bold Fixed-widt
Page 27 and 28:
Long syntax descriptions split acro
Page 29 and 30:
On UNIX platforms, use the OpenEdge
Page 31 and 32:
Preface normally appear. 4. The nam
Page 33 and 34:
Preface ACTION, ARISING OUT OF OR I
Page 35 and 36:
Preface PERFORMANCE OF THIS SOFTWAR
Page 37 and 38:
Preface ("SUN") AND ITS LICENSORS S
Page 39 and 40:
Preface advertising or otherwise to
Page 41:
Installation Chapter 1, Windows Ins
Page 44 and 45:
Chapter 1: Windows Installation Req
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Chapter 2: UNIX Systems Installatio
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Chapter 3: OpenEdge Installation Pr
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Chapter 4: Performing an OpenEdge I
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Chapter 6: Administration Utilities
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215: Chapter 6: Administration Utilities
Page 221 and 222: Working in the OpenEdge Environment
Page 223 and 224: JDKHOME Reviewing environment varia
Page 225 and 226: Table 41 lists the supported enviro
Page 227 and 228: PROCONV - The filename (or full pat
Page 229 and 230: Setting OpenEdge Program Item prope
Page 231 and 232: Getting started with the AdminServe
Page 233 and 234: OpenEdge products supported by the
Page 235 and 236: Running OpenEdge Running OpenEdge S
Page 237 and 238: OpenEdge key and certificate stores
Page 239 and 240: Table 43 shows the appropriate meth
Page 241 and 242: Application development and deploym
Page 243 and 244: Windows 64-bit For information on d
Page 245 and 246: Working in the OpenEdge Environment
Page 247 and 248: UNIX environment variables UNIX env
Page 249 and 250: UNIX environment variables Table 44
Page 251 and 252: UNIX environment variables Table 44
Page 253 and 254: Setting SQL client environment vari
Page 255 and 256: Getting started with the AdminServe
Page 257 and 258: Understanding the built-in terminal
Page 259 and 260: Understanding the built-in terminal
Page 261 and 262: Managing OpenEdge Key and Certifica
Page 263: Managing key stores for OpenEdge se
Page 267 and 268: Managing certificate stores for Ope
Page 269 and 270: Managing certificate stores for Ope
Page 271 and 272: Configuration 10 Once you have inst
Page 273 and 274: Introducing OpenEdge Management and
Page 275 and 276: Overview of OpenEdge Management or
Page 277 and 278: Overview of OpenEdge Management or
Page 279 and 280: AdminServer plugins.proper ties fil
Page 281 and 282: Working with Unified Brokers Workin
Page 283 and 284: Working with Unified Brokers For ge
Page 285 and 286: Working with Unified Brokers • Op
Page 287 and 288: Understanding and using the AdminSe
Page 289 and 290: Understanding and using the AdminSe
Page 291 and 292: Using OpenEdge Management or OpenEd
Page 293 and 294: Saving configurations Using OpenEdg
Page 295 and 296: Using the mergeprop utility Mergepr
Page 297 and 298: Target file Mergeprop utility overv
Page 299 and 300: Mergeprop utility overview • List
Page 301 and 302: Mergeprop utility overview The foll
Page 303 and 304: Mergeprop utility overview To execu
Page 305 and 306: Property value formats Mergeprop ut
Page 307 and 308: Ubroker.properties file and product
Page 309 and 310: Ubroker.properties file structure U
Page 315 and 316:
Command-line utilities reference Co
Page 317 and 318:
Starting and Running OpenEdge 11 Th
Page 319 and 320:
Table 60: Windows GUI startup and s
Page 321 and 322:
Starting OpenEdge as a Windows serv
Page 323 and 324:
Starting the multi-user server or b
Page 325 and 326:
Starting OpenEdge on UNIX platforms
Page 327 and 328:
Starting OpenEdge on UNIX platforms
Page 329 and 330:
Running OpenEdge clients and server
Page 331 and 332:
Page 333 and 334:
-N network-type Specifies the netwo
Page 335 and 336:
Page 337:
OpenEdge Products and Components Pa
Page 340 and 341:
Chapter 12: OpenEdge Installation P
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 354 and 355:
Page 356 and 357:
Page 358 and 359:
Page 360 and 361:
Page 362 and 363:
Page 364 and 365:
Page 366 and 367:
Page 368 and 369:
Page 370 and 371:
Page 372 and 373:
Page 374 and 375:
Page 376 and 377:
Page 378 and 379:
Page 380 and 381:
Page 382 and 383:
Page 384 and 385:
Page 386 and 387:
Page 388 and 389:
Page 390 and 391:
Page 392 and 393:
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
Page 412 and 413:
Page 414 and 415:
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Page 430 and 431:
Appendix A: Preinstallation Checkli
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
Appendix B: Preinstallation Checkli
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Appendix C: Command and Utility Ref
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 464 and 465:
Page 466 and 467:
Page 468 and 469:
Page 470 and 471:
Page 472 and 473:
Appendix D: OpenEdge National Langu
Page 474 and 475:
Page 476 and 477:
Page 478 and 479:
Page 480 and 481:
Page 482 and 483:
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Appendix E: NameServer and NameServ
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Appendix F: Configuration Models Sh
Page 508 and 509:
Appendix F: Configuration Models Th
Page 510 and 511:
Appendix F: Configuration Models No
Page 512 and 513:
Appendix F: Configuration Models Cl
Page 514 and 515:
Appendix F: Configuration Models Fi
Page 516 and 517:
Appendix F: Configuration Models Fi
Page 518 and 519:
Appendix F: Configuration Models Pr
Page 520 and 521:
Appendix F: Configuration Models Co
Page 522 and 523:
Appendix G: AdminServer Authorizati
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Index Arbitrary sum weight factors
Page 530 and 531:
Index related to installation 209 E
Page 532 and 533:
Index parameter server startup 330
Page 534 and 535:
Index OpenEdge Adapter for Sonic ES
Page 536 and 537:
Index accessing 75 Progress Dynamic
Page 538 and 539:
Index 509 Single-user memory requir
Page 540:
Index 381 Working directory defined
show all

OpenEdge Getting Started: Installation and Configuration - Product ...

Create successful ePaper yourself

Delete template?

Save as template?