When you configure a PAS for OpenEdge instance or OpenEdge RDMS for TLS connections, you must specify the password to allow access to the required private-key alias. The value you specify is available to anyone who can read the file or command line where you enter it. To prevent access to this password by unauthorized users, you must specify an encoded form of the password that is equivalent to the password itself.

Note: You must also provide the encoded form of the password for the default_server alias. In OpenEdge Management, when you configure a TLS server with the default_server alias, OpenEdge automatically provides the encoded form of this password.

OpenEdge provides the genpassword command-line utility, which you can use to obtain the encoded form of the cleartext password.

To generate an encoded password, specify an algorithm using the -prefix option. For example: 

proenv>genpassword -prefix oeph1 -password topsecret 
oeph1::c4f2a9aeacd82aaea2392b17fad3f32a
proenv>

Later, to verify that an existing encoded value matches the cleartext password value, you can run genpassword and use two options: the -password option to specify the cleartext password, and the -verify option to specify the encoded one, as in the following example:

proenv>genpassword -password topsecret -verify oeph1::c4f2a9aeacd82aaea2392b17fad3f32a
The passwords match.

proenv>

For more information about the options of the genpassword command-line utility, see genpassword.