Provides the functions to create and manage keystore entries for OpenEdge TLS servers. It creates these entries from pairs of private keys and digital certificates that it stores in the OpenEdge server keystore (located in OpenEdge-Install-Dir\keys).
Note: You must submit a public-key certificate request that is generated for each new keystore entry that you want to create a Certification Authority (CA) with this utility. The CA then returns the necessary server (public-key) certificate for you to import and completes creation of the new keystore entry.
Operating system Syntax
UNIX

Windows

 
pkiutil [ -brief | -verbose ] 
  {   [ -format { DER | PEM }] -display cert-file 
    |[ -format { DER | PEM }] -import alias cert-file 
    | -list [alias...]    |[ -keysize size] -newreq alias 
    | -print alias 
    | -remove alias... 
 |-exportp12 -alias alias-name -p12file p12file-path 
-brief
Provides less information or as specified for the function.
-verbose
Provides more information or as specified for the function.
-format { DER | PEM }
Specifies the certificate format for the -import and -display functions. The default input format for a certificate is Privacy Enhanced Mail (PEM). Because some CAs issue public-key certificates in a binary format (DER) you must specify -format DER to import these certificates.
-display cert-file
Displays the digital certificate file information contained in the operating system disk file, cert-file. You must specify cert-file as a fully qualified operating system file pathname. The -verbose option displays complete certificate information, and the -brief option displays less certificate information for each keystore entry.
-import alias cert-file
Imports a CA-issued TLS server digital (public-key) certificate from the disk file, cert-file, pairs it with the -newreq-generated private key identified by the specified alias name (alias), and places the pair in the keystore as a new entry identified by alias. The function prompts for the same password used to generate the public-key certificate request for this entry.
-list [alias...]
Displays a list of keystore entries identified by each alias name (alias). You can specify multiple aliases, but you cannot use wild cards. If you specify no alias, pkiutil displays all entries in the keystore. The -verbose option displays complete certificate information, and the -brief option displays less certificate information per keystore entry.
[ -keysize size] -newreq alias
Generates a new private/public-key pair and a corresponding public-key certificate request (suitable for submission to a CA), stored under the alias name specified by alias, and placed in the OpenEdge-Install-Dir\keys\requests directory.
You must specify an alias name between 5 and 39 characters long and use only the following characters:
  • "0" to "9"
  • "a" to "z"
  • "A" to "Z"
  • "_" and "-"
Note: The character "-" cannot be used as the first character.

The function prompts for a password with a minimum of four characters using any printable ASCII character. You must use this same password later to create and allow access to the keystore entry generated from this certificate request.

When pkiutil generates the keys and certificate request for this function, by default it generates keys using the RSA asymmetric encryption algorithm with a 1024-bit key size. If you require a different key size, you can specify the number of bits to generate using the -keysize option (valid key sizes must be 512, 1024, or 2048 bits).

-print alias
Displays the public-key certificate request identified by alias.
-remove alias...

Removes the specified entries from the keystore by their alias and moves them to the backup subdirectory of the keystore. Any entry that has the same alias is overwritten. You cannot use wild cards.

-exportp12
Generates the PKCS12 keystore file for PAS for OpenEdge instances using the .pem server or public keys, both of which are also used by other OpenEdge server products.
-alias alias-name
Specifies the name of the PKCS12 keystore file.
-p12file p12file-path
Specifies the path of the location in which the PKCS12 keystore file is saved after it is generated.