Before you obtain a digital certificate, you must create a keystore to hold the identity and CA certificates. Creating a keystore also places a self-signed certificate and key pair into the store.

Note: For improved readability of the command-line samples in this document, each command-line option appears on its own line. However, you must actually type the command as one continuous string, without including any return characters.

To create the keystore, type the following command all on one line:

keytool
-genkey
-dname "CN=<mypc>, OU=<dept.>, O=<company>, L=<city>, S=<state>, C=<country>"
-alias <alias>
-keypass <alias-passphrase>
-keystore <Full-path-to-OpenEdgeManagement-install-dir>/conf/myIdentityKeystore.jks
-storepass <keystore passphrase>
-validity <days>
-keyalg rsa
-keysize 1024

Where:

-genkey
Creates the public-private key pair and wraps the public key into a self-signed certificate.
-dname
Defines the distinguished name string that identifies your site, as described in the following table.
Table 1. Distinguished name string components
Component   Description
CN          The common name, which is typically the host name for the system. (If you do not type the host name, you will get an alert from the browser.)
OU          The name of your organization or department.
O           The name of your company.
L           The name of your city.
S           The name of your state.
C           The name of your country.
-alias
A value that identifies a specific certificate/key pair. You must provide a unique alias for each certificate and key pair in a keystore. In the example shown here, the alias is Acme.
-keypass
A password that you will use to access a specific certificate and key pair. In the example shown here, the keypass is coyote.
-keystore
The full path (relative to the OpenEdge Management installation directory) and the name of the keystore file you want to create.

In the example shown earlier in this section, myIdentityKeystore.jks is the keystore name. If the keystore file were located in the default location for OpenEdge Management, for example, it would be in the Progress\oemgmt\conf directory.

-storepass
A password for the keystore. In the example shown here, the storepass is roadrunner.
-validity
The length of time, in days, that the certificate can be used. The default is 90 days.
-keyalg
The algorithm being used to create the certificate signature.

Use this option to override the default value of dsa by specifying rsa, which is the default used by the Jetty Web server and required by Internet Explorer and Netscape.

-keysize
The key size. The default is 1024; other values include 512 and 2048.

A sample of creating a keystore appears in the following figure.

Figure 1. Creating a keystore


This sample command accomplishes the following:

  • Generates a public-private key pair for the entity whose distinguished name (DN) has a common name (CN) of mypc, the organizational unit (OU) Dev, the company (O) Acmeco, the city (L) Tucson, the state (S) AZ, and the country (C) US.
  • Establishes that the certificate is valid for 90 days and is associated with the private key in a keystore entry referred to by the alias Acme.
  • Assigns to the private key the keypass (password) coyote.
  • Creates the keystore named myIdentityKeystore in the Progress\oemgmt\conf directory, which is the default location for an installation of OpenEdge Management.
  • Assigns to the keystore the storepass (password) roadrunner.
  • Uses the rsa key-generation algorithm to create the keys.
  • Establishes the size for each key as 1024.
  • Creates a self-signed certificate that includes the public key and the distinguished name details.

Note that if you choose not to type the entire command, you can begin by typing only the -genkey command. The utility then prompts you for each of the subsequent pieces of information.
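
The command above, wrapped in a script as an added example (not part of the original documentation): it assembles the -dname string, escapes commas inside values, and leaves out -keypass and -storepass so that keytool prompts for them. The function names and the KEYSTORE variable are assumptions; the sample values are the ones this page uses, with 2048 chosen from the key sizes it lists.

```shell
#!/bin/sh
# Added example: builds the keytool invocation described above from its parts.
# Function names and the KEYSTORE variable are hypothetical.

# keytool treats a comma as the separator between DN components, so a comma
# inside a value (for example O=Acme, Inc.) must be written as "\,".
dn_escape() {
    printf '%s' "$1" | sed 's/,/\\,/g'
}

# build_dname CN OU O L S C -> the string passed to -dname.
# Refuses an empty CN: the page notes the browser alerts when CN is not the host name.
build_dname() {
    [ "$#" -eq 6 ] || { echo "usage: build_dname CN OU O L S C" >&2; return 2; }
    [ -n "$1" ] || { echo "CN (host name) must not be empty" >&2; return 1; }
    printf 'CN=%s, OU=%s, O=%s, L=%s, S=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$(dn_escape "$6")"
}

# create_keystore PATH ALIAS DNAME DAYS KEYSIZE
# -keypass and -storepass are left out on purpose: keytool then prompts for
# them, which keeps the passphrases out of shell history and process lists.
create_keystore() {
    keytool -genkey -dname "$3" -alias "$2" -keystore "$1" \
        -validity "$4" -keyalg rsa -keysize "$5"
}

# Runs only when KEYSTORE is set, e.g.
#   KEYSTORE=<install-dir>/conf/myIdentityKeystore.jks sh make-keystore.sh
if [ -n "${KEYSTORE:-}" ]; then
    dname=$(build_dname mypc Dev Acmeco Tucson AZ US) || exit 1
    create_keystore "$KEYSTORE" Acme "$dname" 90 2048
fi
```

Quoting "$3" passes the whole distinguished name to keytool as a single argument, so the line breaks in the script do not split it.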