The Unified Broker Framework has the “certStorePath” TLS property to specify the path to the trusted certificate store which is the root certificate for the certificate authority that was used to sign the server certificate. Servers using this customized certificate can connect clients instantiated with a matching certificate specified using -certstorepath command line parameter of the client.

However, in a Probroker configuration, responsibility for spawning a TLS or a non-TLS DataServer servers rests with the Probroker based on whether it was instantiated with a TLS or a non-TLS command line parameter. A TLS-enabled ProBroker can include the following startup parameters to customize the use of certificates and key stores by the brokers.
Table 1.
Parameter Description
-certstorepath The path to the trusted certificate store. The root certificate for the certificate authority that was used to sign the server certificate should be specified by this path.
-keystorepath Specifies the key store location.
-keyalias Specifies the alias set for a private/public key. If this parameter is not provided, the server certificate alias that is provided by OpenEdge is used.
-keyaliaspasswd Specifies the encoded password set for the alias of the private/public-key to access the server Private Key / Digital Certificate key store entry. You can use the OpenEdge provided genpassword utility for encoding your passwords.

For more information on the genpassword utility, see genpassword.
For example a Probroker can be started and customized in TLS mode as follows:
_probrkr -S ccall7sv2 –ssl
-certstorepath E:\\users\\<username>\\par\\SHA224\\certs
-keystorepath E:\\users\\<username>\\par\\SHA224\\keys 
-keyalias localhost 
-keyaliaspasswd aedh0::47e13521b02d3f9cf5b16fd59cdb54ec209f017ba290db673cfcbccd6fc247594a94fbeaccb1e24833361eafa0bb7e73
The above Probroker can establish connection to a client which uses a matching certificate:
prowin -pf parametersFile.pf 
-certstorepath E:\\users\\<username>\\par\\SHA224\\certs 
-nohostverify