Value for VERIFY_CERTIFICATE

book

Article ID: 131532

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Windows CA XCOM Data Transport - Linux PC CA XCOM Data Transport - z/OS

Issue/Introduction



I currently implemented IBM System SSL to be used by XCOM for secured transfers, is it possible to specify a value of NO for the following parameter in the SYSconfigSSL.cnf?
 
[VERIFY_CERTIFICATE]  
INITIATE_SIDE = NO
RECEIVE_SIDE  = NO
 

Environment

XCOM r12.0

Resolution

The value of “NO” is not valid value for the VERIFY_CERTIFICATE parameter in the SYSconfigSSL.cnf. This is due to rules being stricter and verification cannot be disabled when using TLS. The proper values for the parameter are: YES, RFC2459 and RFC3280. Specifying a value of YES will validate the certificates using any RFC supported by IBM System SSL.
 
If a value of NO is specified, the transfers will end with message:
 
XCOMM0780E Txpi  410: TxpiSystemSSLConfig Syntax error Element nb: 28 Section =   <VERIFY_CERTIFICATE> Parameter = <INITIATE_SIDE>

Additional Information

The comments in the supplied SYSconfigSSL.cnf will be corrected in a future release.