SSL Certificates Downloader & Importer
Introduction
SSL (TLS) certificates are required to securely connect to hosts. In order for OpenEdge to connect to a secured host, at least the root CA certificate must be in the OpenEdge certificate store.
Getting the root CA and other certificates for a host typically requires using a browser. The SmartComponent Library provides the ssl-cert-import utility to automate the process of obtaining and importing certificates into the OpenEdge certificate store.
The ssl-cert-import utility is found in the Consultingwerk/Studio/SslCertificateImporter folder, and is provided as an Ant build file (ssl-cert-import.xml), as well as scripts to run the relevant tasks (ssl-cert-import.cmd on Windows and scl-cert-import.sh on Linux).
Parameters
Windows
The following parameters are recognised by the shell script. In addition to these, the value of DLC is taken from the environment, and if it is not set there, on Windows the registry will be read to find the most recent version of OpenEdge installed.
Note that parameter names are case-sensitive.
Name | Description |
---|---|
-host <host-name> | The hostname |
-port <port-number> | An optional port value. If one is not provided, port 443 is used |
-root-ca-only | If specified, then only the root CA certificate will be imported (not the host’s entire certificate chain) |
-output-folder <folder-path> | An output folder for the downloaded certificates. Defaults to “.” |
-no-install | If this is specified, certificates will only be downloaded and will not be imported into the OpenEdge certificate store. If this option is selected, a set of files named <alpha-numeric>.0 are created in the output folder. These can be imported into an OpenEdge certificate store simply by copying the files into the folder location (defaults to $DLC/certs). It is recommended that you back up any existing files with the same name before overwriting them with the generated files. |
-verbose or -v | If specified, additional debug information will be written out. |
-log <logfile-name> | If provided, the output of the Ant command will be written to the specified logfile |
-dlc <path-to-openedge> | If no DLC environment variable is set, then the path to the OpenEdge install must be provided with this option. This option is only recognised on Linux; on Windows the registry is queried for the latest OpenEdge release. |
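The manual import described for -no-install (copy the generated .0 files into the certificate store, backing up same-named files first) can be scripted as below. This is an added example, not part of the SmartComponent Library scripts: the function name import_hashed_certs is hypothetical, the backup subfolder follows the certs/backup location seen in the utility's output, and the demo files are constructed placeholders in a scratch directory.

```shell
# import_hashed_certs <output-folder> <cert-store>
# Hypothetical helper (not part of the ssl-cert-import scripts): copies the
# <alpha-numeric>.0 files from a -no-install run into the certificate store,
# backing up any different file of the same name to <cert-store>/backup first.
# Prints "<imported> <backed-up>"; returns non-zero on error.
import_hashed_certs() {
    src=$1
    store=$2
    imported=0
    backed_up=0

    [ -d "$src" ] || { echo "no such output folder: $src" >&2; return 1; }
    [ -d "$store" ] || { echo "no such certificate store: $store" >&2; return 1; }

    for cert in "$src"/*.0; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$cert" ] || continue
        name=$(basename "$cert")

        if [ -f "$store/$name" ]; then
            # Identical file already installed: leave it and its backup alone.
            if cmp -s "$cert" "$store/$name"; then
                continue
            fi
            mkdir -p "$store/backup" || return 1
            cp -p "$store/$name" "$store/backup/$name" || return 1
            backed_up=$((backed_up + 1))
        fi

        cp "$cert" "$store/$name" || return 1
        imported=$((imported + 1))
    done

    echo "$imported $backed_up"
}

# Constructed demo: scratch stand-ins for the output folder and $DLC/certs.
# File contents are placeholders, not real certificates.
work=$(mktemp -d)
mkdir "$work/out" "$work/certs"
echo "new placeholder" > "$work/out/fc5a8f99.0"
echo "old placeholder" > "$work/certs/fc5a8f99.0"
echo "new placeholder" > "$work/out/1d4ddf67.0"
import_hashed_certs "$work/out" "$work/certs"   # prints: 2 1
rm -rf "$work"
```

Against a real installation the second argument would be the certificate store folder (by default $DLC/certs), and the account running it needs write access there.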
Importing the root CA
The root CA certificate for a given host can be installed using the command below.
proenv>scl-cert-import.cmd -Host consultingwerk.com -RootCaOnly
If successful, output similar to the below is produced.
Buildfile: c:\Work_STREAM\SmartComponentLibrary\Develop128\ABL\Consultingwerk\Studio\SslCertificateImporter\scl-cert-import.xml
init:
[echo] Getting certificate chain for consultingwerk.com:443
import-root-ca-cert:
[get] Getting: https://curl.se/ca/cacert.pem
[get] To: c:\Work_STREAM\SmartComponentLibrary\Develop128\ABL\Consultingwerk\Studio\SslCertificateImporter\cacert.pem
[get] Not modified - so not downloaded
[echo] Extracting certificate: USERTrust RSA Certification Authority
[ExtractRootCaCertificate] rootCertificatesFile: cacert.pem
[ExtractRootCaCertificate] certificateName: USERTrust RSA Certification Authority
[ExtractRootCaCertificate] outputFile: ./USERTrust-RSA-Certification-Authority.pem
[echo] Root CA certificate extracted to ./USERTrust-RSA-Certification-Authority.pem
[echo] Backing up certificate fc5a8f99.0 to C:\Progress\OPF5A0~1/certs/backup/
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs\backup
[echo] Importing ./USERTrust-RSA-Certification-Authority.pem with hash fc5a8f99.0
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs
import-cert-chain:
[echo] Extracting certificate: USERTrust RSA Certification Authority
[ExtractChainCertificates] certChainFile: sslc.txt
[ExtractChainCertificates] outputFolder: .
[ExtractChainCertificates] Extracted 2 certificate(s)
[echo] Importing chain certificate ./star-consultingwerk-com.pem
[echo] Backing up certificate 1d4ddf67.0 to C:\Progress\OPF5A0~1/certs/backup/
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs\backup
[echo] Importing ./star-consultingwerk-com.pem with hash 1d4ddf67.0
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs
[echo] Importing chain certificate ./Sectigo-RSA-Domain-Validation-Secure-Server-CA.pem
[echo] Backing up certificate 65ff7287.0 to C:\Progress\OPF5A0~1/certs/backup/
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs\backup
[echo] Importing ./Sectigo-RSA-Domain-Validation-Secure-Server-CA.pem with hash 65ff7287.0
[copy] Copying 1 file to C:\Progress\OPF5A0~1\certs
BUILD SUCCESSFUL
Total time: 3 seconds
Importing a host’s certificate chain
The entire certificate chain, including the root CA certificate, for a given host can be installed using the command below.
proenv>scl-cert-import.cmd -Host consultingwerk.com
If successful, output similar to the below is produced.