Create and deploy a certificate for HTTPS with the OpenEdge Authentication Gateway Server

The OpenEdge Authentication Gateway server is accessed by encrypted HTTPS calls.

Use the following steps to create and deploy a certificate for HTTPS with OpenEdge Authentication Gateway Server:

  1. Create a valid certificate using the pkiutil utility. See pkiutil in Manage OpenEdge Keys and Certificates for details and complete syntax.
    Running pkiutil produces:
    • Certificate Authority certificate (CA.cer)
    • Public certificate (name.cer)
    • PEM file (name.pem)
  2. Import the certificates for use by OpenEdge executables using certutil, which places hash files in the appropriate %DLC% directory, as shown:
    • Run certutil import CA.cer

      This creates a %DLC%/certs/hashfile.0

    • Run certutil import name.cer

      This creates a %DLC%/certs/hashfile.0

    • Copy name.pem to %DLC%/keys

    Repeat this step on all database installations accessing the OpenEdge Authentication Gateway server.

  3. Change the keystore for the OpenEdge Authentication Gateway server to use the new certificate, as follows:
    1. Save the current keystore to a backup. For example:
      mv tomcat-keystore.p12 tomcat-keystore.p12.orig
    2. Create a new keystore. For example:
      sslc pkcs12 -export -in %DLC%/keys/name-systest.pem -out tomcat-keystore.p12 -name ux-systest
      You will be prompted for:
      • Pass phrase for the .pem file
      • Export password
      • Verification of export password
    3. Verify the keystore. For example:
      keytool -list -v -keystore tomcat-keystore.p12 -storetype pkcs12
  4. Modify the OpenEdge Authentication Gateway Server to load the new keystore using the tcman config utility. For example:
    tcman config psc.as.https.keypass=password
    tcman config psc.as.https.keyalias=name
  5. Restart the OpenEdge Authentication Gateway Server.
Note: For a practical example of configuring a certificate for the OpenEdge Authentication Gateway, see Replace the default key and certificate on OpenEdge Authentication Gateway server.
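
Added example (not part of the original procedure or of OpenEdge): a shell check for steps 3 and 4 that reads the output of the keytool -list -v command shown above and confirms that the alias you plan to set with psc.as.https.keyalias exists in the keystore as a private key entry. The function names and the sample keytool output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: validate the keystore alias before pointing the server at it.
# check_keystore_alias and verify_sample are hypothetical helper names.

# Usage: keytool -list -v ... | check_keystore_alias EXPECTED_ALIAS
# Returns 0 if the alias exists and is a PrivateKeyEntry,
#         1 if the alias is not in the keystore,
#         2 if the alias exists but holds no private key.
check_keystore_alias() {
  awk -v want="$1" '
    # "Alias name: " and "Entry type: " are both 12 characters long.
    /^Alias name: / { alias = substr($0, 13); next }
    /^Entry type: / && alias == want { type = substr($0, 13); found = 1 }
    END {
      if (!found) exit 1
      if (type != "PrivateKeyEntry") exit 2
      exit 0
    }'
}

# Constructed, trimmed sample of `keytool -list -v` output (not a real keystore).
SAMPLE_KEYTOOL_OUTPUT='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: ux-systest
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: ca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry'

# Run the check against the constructed sample.
verify_sample() {
  printf '%s\n' "$SAMPLE_KEYTOOL_OUTPUT" | check_keystore_alias "$1"
}

# Against the real keystore from step 3 (keytool prompts for the password):
#   keytool -list -v -keystore tomcat-keystore.p12 -storetype pkcs12 \
#     | check_keystore_alias ux-systest
verify_sample ux-systest && echo "alias ux-systest: private key entry present"
```

A return code of 1 for the alias you intend to configure means the value passed to -name when the keystore was created differs from it.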