I am having to test on XCOM SSL transfer from MF to Windows.
System SSL has been implemented on MVS for XCOM, and openSSL has been setup on Windows XCOM, with an identical root certificate and key.
A loopback SSL transfer all can be done successfully on MF and windows, but we get error when executing transfer from MF to windows, error info is:
XCOMM1510E System SSL: gsk_secure_socket_init: RC = 413: Reason = Certificate signature is incorrect
XCOMM0093E ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED
and I produced trace on MF side, will upload the trace later. could you please have a review on this problem?
Release : 12.0
Component : CA XCOM Data Transport for z/OS
Not having generated the proper client and server certificates with the proper CA authority certificate on Windows caused the transfers to fail.
If using the sample XCOM certificates on both systems:
Note: If you have already generated sample SSL certificates on Windows for XCOM, please remove them prior to following these steps. The subdirectories and files to remove are:
a. the certs and private sub directories found in %XCOM_HOME%\ssl
b. all index and index.* files, the random.pem file , and all serial and serial.* files.
1. On Windows, run the makeca script.
2. FTP'd the cassl.pem and casslkey.pem from z/OS to Windows. Assuming that you used the sample OpenSSL certs, converted them to PCSK12, and imported them to the IBM System SSL database.
3. Replaced the cassl.pem and casslkey.pem on Windows, in the %XCOM_HOME%\ssl\certs and %XCOM_HOME%\ssl\private directories, with the pem files from z/OS.
4. Run the makeclient and makeserver scripts on Windows.
5. Perform a loopback on Windows and then try the transfer from z/OS to Windows