[Progress Communities] [Progress OpenEdge ABL] Forum Post: Following steps on handbook, won't take to solution, at least not clearly

Status
Not open for further replies.
O

OctavioOlguin

Guest
Progress Application Server for OpenEdge: Administration Guide (SECURED) handbook, on page81, chapter : Configuring PAS for OpenEdge for SSL/TLS describes these steps to secure HTTPS security for server, by using SSL... 3. Submit MyCert.pk10, the public key file, to a CA in order to request an SSL certificate. The CA returns both a private and a public (or ROOT) SSL certificate. The certificates are files, usually with either a .crt or a .cer extension. In this example, we'll call the files MyCertPriv.cer and MyCertPub.cer 4. When the SSL certificates are received from the CA, copy them to the OpenEdge-Install-Dir\keys\requests directory. 5. Generate a Privacy Enhance Mail (.pem) formatted file from the private SSL certificate (named MyCertPriv.cer in these examples) obtained from a CA. A PEM file is an encrypted file that contains key store information. You use the OpenEdge PKIUTIL command-line utility to generate the PEM file. You can find more information about the syntax and usage of PKIUTIL in OpenEdge Getting Started: Installation and Configuration. a) In PROENV, change directory to the PAS for OpenEdge instance's/conf directory. For example: proenv> cd C:\MyInstance\conf b) Use the -import option of PKIUTIL to generate the PEM file from the private SSL certificate. For example: proenv> pkiutil -import MySSLPrivKey OpenEdge-Install-Dir\keys\requests\MyCertPriv.cer Note: MySSLPrivKey is the stem filename of the PEM file that will be generated from MyCertPriv.cer. c) When prompted enter the password you used when you created the keystore (i.e. the .pk1 file) in Step 2 on page 83. I get confused, as chatting with sectigo CA (former comodo) support they inform (and I could see) that the *.crt file they sent, is already in PEM format. On previous steps, STEP 5 should be done no matter the cert is alread PEM, or this sentence is missing somethig like "in case you get certificate in binary form, generat a PEM...."??? Also, this step gets out of nowhere a reference to "MySSLPrivKey" which is not clear where did it came from.. I know it clearly says: Note: MySSLPrivKey is the stem filename of the PEM file that will be generated from MyCertPriv.cer. but following instruction on creating this MySSLPrivKey file, gets an error : C:\Progress\OpenEdge\keys\requests>pkiutil -import MySSLPrivKey servicios_sucahersa_com.crt A private key for keystore entry MySSLPrivKey does not exist Assuming that I should avoid that step, as certificate is already on PEM format, go on to next steps to Configuring a PAS for OpenEdge instance for SSL/TLS Step 2 says to execute: proenv> cd C:\MyInstance\conf proenv> sslc pkcs12 -export C:\Progress\OpenEdge\keys\V.pem -out tomcat-keystore.p12 -name mysslprivkey the "C:\Progress\OpenEdge\keys\V.pem" parts is a typo? I don´t have that file on my server... I know clearly we are digesting the previous confusing file in PEM format already , but on executing sslc, I get: C:\home\appsch\conf>sslc pkcs12 -export c:\progress\openedge\keys\requests\servicios_sucahersa_com.crt -out tomcat-keystore.p12 -name sch-ssl pkcs12: Use -help for summary. C:\home\appsch\conf> I checked documentation and it is 11.7 indeed, same as my platform... So this far, and haven't being able to secure server (pasoe 11.7.5)... Any tougths?

Continue reading...
 
Status
Not open for further replies.
Top