XCOMN0780E "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"


Article ID: 129195


Products

XCOM Data Transport, XCOM Data Transport - Windows, XCOM Data Transport - Linux PC

Issue/Introduction

An XCOM SSL transfer from Windows to Linux is failing. In the GUI, "History Records" -> "Log Browser" shows:

2019/03/12 06:48:39 TID=000014 PRG=xcomtcp PID=6464 IP=<IP Address>.125 PORT=8045 
XCOMN0780E Txpi  308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295:

2019/03/12 06:48:39 TID=000014 
#XCOMN0298E Unable to allocate remote transaction program: Txpi 215: Socket send error return value = 10038

Cause

The root certificate had been created separately on each machine using the sample script makeca.bat/makeca. However, the root certificate needs to be the same on all partner machines used for file transfers.

Resolution

1. On the Linux server:
a. Stop the XCOM for Linux xcomd service/daemon and back up the directory $XCOM_HOME/ssl.

b. Delete these files/directories:
  - certs and private directories in the directory $XCOM_HOME/ssl.
  - all index* files in the directory $XCOM_HOME/ssl.
  - all serial* files in the directory $XCOM_HOME/ssl.
  - random.pem file in the directory $XCOM_HOME/ssl.

c. Run the makeca script.
This will recreate the certs and private directories and the cassl.pem (certs) and casslkey.pem (private) files.
Delete those new files.


2. Copy the root certificate files from the Windows server to the Linux server, i.e. copy these files in ASCII mode:
%XCOM_HOME%\ssl\certs\cassl.pem -> $XCOM_HOME/ssl/certs/cassl.pem
%XCOM_HOME%\ssl\private\casslkey.pem -> $XCOM_HOME/ssl/private/casslkey.pem


3. Recreate the server and client certificates on the Linux server using these commands: 
cd $XCOM_HOME 
./makeserver 
./makeclient 


4. Start the XCOM for Linux xcomd service/daemon.


The file transfer problem should then be resolved.

NOTE: It is not strictly necessary to stop xcomd because it re-reads the ssl directory every time a transfer is made. However, to prevent transfers from taking place during the above changes, it is a good idea to do so.
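
To confirm the fix, the following check (an added example, not part of the original article or of the XCOM sample scripts) compares the root certificate's SHA-256 fingerprint with the value taken from the Windows partner and verifies the regenerated certificates against that root. It assumes openssl is on the PATH; the function names and the leaf certificate paths passed to check_partner are hypothetical, because the article does not name the files that makeserver and makeclient produce.

```shell
#!/bin/sh
# Added example: confirm that this partner's ssl directory uses the shared root.
# The root path follows the article ($XCOM_HOME/ssl/certs/cassl.pem); leaf
# certificate paths are arguments because their file names are not given there.

# Print the SHA-256 fingerprint of a PEM certificate, for comparison
# with the same command run against cassl.pem on the other partner.
root_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 only if certificate $2 verifies against root certificate $1.
chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_partner ROOT EXPECTED_FINGERPRINT LEAF...
# Returns 0 when the root matches and every leaf verifies, 1 on a mismatch
# or verification failure, 2 when the root file cannot be read.
check_partner() {
    root=$1
    expected=$2
    shift 2
    actual=$(root_fingerprint "$root") || return 2
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $root has fingerprint $actual, expected $expected"
        return 1
    fi
    for leaf in "$@"; do
        if ! chains_to_root "$root" "$leaf"; then
            echo "FAIL: $leaf does not verify against $root"
            return 1
        fi
    done
    echo "OK: root matches and all certificates verify"
}

# Stand-alone use: sh check.sh ROOT EXPECTED_FINGERPRINT LEAF...
if [ "$#" -ge 3 ]; then
    check_partner "$@"
fi
```

A fingerprint mismatch reproduces the cause described above: two roots generated separately by makeca can carry the same subject name yet have different keys, so certificates issued under one do not verify under the other.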

Additional Information

Related documentation: Generating TLS/SSL Certificates

Related articles:
Setting up XCOM partners to use the same root certificate
XCOM SSL scripts "failed to update database", "TXT_DB error"