CA XCOM SSL transfer fails with "XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295"

book

Article ID: 129195

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Windows CA XCOM Data Transport - Linux PC CA XCOM Data Transport - z/OS

Issue/Introduction

A CA XCOM SSL transfer from Windows to Linux is failing. From  the GUI interface "History Records" -> "Log Browser" shows:

2019/03/12 06:48:39 TID=000014 PRG=xcomtcp PID=6464 IP=155.35.245.125 PORT=8045 
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295: 

2019/03/12 06:48:39 TID=000014 
#XCOMN0298E Unable to allocate remote transaction program: Txpi 215: Socket send error return value = 10038

Cause

The root certificate had been created separately on each machine using the sample script makeca.bat/makeca. However it needs to be the same on all partner machines used for file transfers.

Environment

CA XCOM 11.6 SP2

Resolution

1. Stop the Linux XCOM scheduler

2. Using XCOM file transfer or ftp (binary mode) copy the root certificate files from the Windows machine to the Linux machine to override the existing certificate files there i.e. copy these 2 files:
%XCOM_HOME%\ssl\certs\cassl.pem -> $XCOM_HOME/ssl/certs/cassl.pem
%XCOM_HOME%\ssl\private\casslkey.pem -> $XCOM_HOME/ssl/private/casslkey.pem

3. Recreate the server and client certificates on the Linux machine using these commands: 
cd $XCOM_HOME 
./makeserver 
./makeclient 

4. Start the Linux XCOM scheduler.

The file transfer problem should then be resolved.

Additional Information

CA XCOM Data Transport > Administrating > Generate SSL Certificates: https://docops.ca.com/ca-xcom-data-transport-for-windows/11-6-01/en/administrating/generate-ssl-certificates

"CA XCOM Creating Certificates on a Partner using the same Root Certificate": https://comm.support.ca.com/kb/CA-XCOM-Creating-Certificates-on-a-Partner-using-the-same-Root-Certificate/KB000009506

CA Educate YouTube videos for CA XCOM: https://www.youtube.com/user/Educate/search?query=xcom
"CA XCOM Data Transport: How to Generate Certificates for SSL Transfers"https://www.youtube.com/watch?v=AxFxvUVQPno