CA XCOM SSL transfer fails with "XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295"
Article ID: 129195
Updated On:
Products
CA XCOM Data Transport
CA XCOM Data Transport - Windows
CA XCOM Data Transport - Linux PC
CA XCOM Data Transport - z/OS
Issue/Introduction
A CA XCOM SSL transfer from Windows to Linux is failing. From the GUI interface "History Records" -> "Log Browser" shows:
2019/03/12 06:48:39 TID=000014 PRG=xcomtcp PID=6464 IP=155.35.245.125 PORT=8045
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295:
2019/03/12 06:48:39 TID=000014
#XCOMN0298E Unable to allocate remote transaction program: Txpi 215: Socket send error return value = 10038
2019/03/12 06:48:39 TID=000014 PRG=xcomtcp PID=6464 IP=155.35.245.125 PORT=8045
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295:
2019/03/12 06:48:39 TID=000014
#XCOMN0298E Unable to allocate remote transaction program: Txpi 215: Socket send error return value = 10038
Cause
The root certificate had been created separately on each machine using the sample script makeca.bat/makeca. However it needs to be the same on all partner machines used for file transfers.
Environment
CA XCOM 11.6 SP2
Resolution
1. Stop the Linux XCOM scheduler
2. Using XCOM file transfer or ftp (binary mode) copy the root certificate files from the Windows machine to the Linux machine to override the existing certificate files there i.e. copy these 2 files:
%XCOM_HOME%\ssl\certs\cassl.pem -> $XCOM_HOME/ssl/certs/cassl.pem
%XCOM_HOME%\ssl\private\casslkey.pem -> $XCOM_HOME/ssl/private/casslkey.pem
3. Recreate the server and client certificates on the Linux machine using these commands:
cd $XCOM_HOME
./makeserver
./makeclient
4. Start the Linux XCOM scheduler.
The file transfer problem should then be resolved.
2. Using XCOM file transfer or ftp (binary mode) copy the root certificate files from the Windows machine to the Linux machine to override the existing certificate files there i.e. copy these 2 files:
%XCOM_HOME%\ssl\certs\cassl.pem -> $XCOM_HOME/ssl/certs/cassl.pem
%XCOM_HOME%\ssl\private\casslkey.pem -> $XCOM_HOME/ssl/private/casslkey.pem
3. Recreate the server and client certificates on the Linux machine using these commands:
cd $XCOM_HOME
./makeserver
./makeclient
4. Start the Linux XCOM scheduler.
The file transfer problem should then be resolved.
Additional Information
CA XCOM Data Transport > Administrating > Generate SSL Certificates: https://docops.ca.com/ca-xcom-data-transport-for-windows/11-6-01/en/administrating/generate-ssl-certificates
"CA XCOM Creating Certificates on a Partner using the same Root Certificate": https://comm.support.ca.com/kb/CA-XCOM-Creating-Certificates-on-a-Partner-using-the-same-Root-Certificate/KB000009506
CA Educate YouTube videos for CA XCOM: https://www.youtube.com/user/Educate/search?query=xcom
"CA XCOM Data Transport: How to Generate Certificates for SSL Transfers": https://www.youtube.com/watch?v=AxFxvUVQPno
"CA XCOM Creating Certificates on a Partner using the same Root Certificate": https://comm.support.ca.com/kb/CA-XCOM-Creating-Certificates-on-a-Partner-using-the-same-Root-Certificate/KB000009506
CA Educate YouTube videos for CA XCOM: https://www.youtube.com/user/Educate/search?query=xcom
"CA XCOM Data Transport: How to Generate Certificates for SSL Transfers": https://www.youtube.com/watch?v=AxFxvUVQPno
Feedback
Yes
No
Powered by
