Setting VERIFY_CERTIFICATE for CA XCOM with IBM System SSL

book

Article ID: 131532

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - z/OS

Issue/Introduction

When configuring XCOM for IBM System SSL is it possible to specify a value of NO for the VERIFY_CERTIFICATE parameter(s) in the SYSconfigSSL.cnf?


 
[VERIFY_CERTIFICATE]  
INITIATE_SIDE = NO
RECEIVE_SIDE  = NO
 

Environment

XCOM r12.0

Resolution

The value of “NO” is not valid value for the VERIFY_CERTIFICATE parameter in the SYSconfigSSL.cnf. This is due to rules being stricter and verification cannot be disabled when using TLS. The proper values for the parameter are: YES, RFC2459 and RFC3280. Specifying a value of YES will validate the certificates using any RFC supported by IBM System SSL.
 
If a value of NO is specified, the transfers will end with message:

 
XCOMM0780E Txpi  410: TxpiSystemSSLConfig Syntax error Element nb: 28 Section =   <VERIFY_CERTIFICATE> Parameter = <INITIATE_SIDE>

Additional Information

The comments in the supplied SYSconfigSSL.cnf will be corrected in a future release.