Micro Focus Demo CA is an optional component which can be used to enable secure communications for an Enterprise Server listener, the Enterprise Server Common Web Administration (ESCWA) interface, and other Enterprise Server features, for development and test deployments. Demo CA is not supported or secure for production use.
Secure communications uses encryption and authentication of communications endpoints using the industry standard Transport Layer Security (TLS), formerly called Secure Sockets Layer (SSL). It is fully interoperable with standard (non-Micro Focus) SSL/TLS clients and servers. The base Enterprise Server product includes support for integration with Public Key Infrastructures (PKIs) and PKI functions, such as processing certificates; these features do not require creating a Demo CA instance.
The Demo CA software enables you to operate as a private Certificate Authority (CA). A CA creates certificates and signs them using its own certificates. Demo CA can set up your CA and create keys and certificates for servers and clients.
Demo CA comprises a number of script files in the Visual COBOL bin directory. When the scripts are run, they create the CA itself and keys and certificates for a server and two kinds of clients, a machine client certificate and a user client certificate.
After successfully executing the main Demo CA script, CreateDemoCA, to create a Demo CA instance, you can find various certificate and key files under the directory you provided as a parameter to the CreateDemoCA script. See Contents of Demo CA for more information.
The private keys created by Demo CA are protected with a passphrase, which you supply when prompted by the Demo CA scripts.
Since Demo CA is a private, experimental CA, the certificates it creates can only be verified using the root and intermediate CA certificates created by that same instance of Demo CA. In order to use the client and server certificates from your Demo CA instance, you will need to configure the peer software - for example, a web browser that connects to an enterprise server listener which uses a Demo CA server certificate - with your Demo CA root and intermediate certificates.
For production systems, you should obtain certificates from a public or organizational CA. Demo CA is only suitable for development and testing purposes.