search cancel

XCOM SSL transfer error

book

Article ID: 216306

calendar_today

Updated On:

Products

XCOM - SUPPORT

Issue/Introduction

I am having to test on XCOM SSL transfer from MF to Windows.

System SSL has been implemented on MVS for XCOM, and openSSL has been setup on Windows XCOM, with an identical root certificate and key.

A loopback SSL transfer all can be done successfully on MF and windows, but we get error when executing transfer from MF to windows, error info is:

XCOMM1510E System SSL: gsk_secure_socket_init: RC = 413: Reason = Certificate  signature is incorrect                                                     
XCOMM0093E ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED

and I produced trace on MF side, will upload the trace later. could you please have a review on this problem?

 

Environment

Release : 12.0

Component : CA XCOM Data Transport for z/OS

Cause

Not having generated the proper client and server certificates with the proper CA authority certificate on Windows caused the transfers to fail.

Resolution

If using the sample XCOM certificates on both systems:

Note: If you have already generated sample SSL certificates on Windows for XCOM, please remove them prior to following these steps. The subdirectories and  files to remove are:

a. the certs and private sub directories found in %XCOM_HOME%\ssl

b. all index and index.* files, the random.pem file , and all serial and serial.* files.


1. On Windows, run the makeca script.
2. FTP'd the cassl.pem and casslkey.pem from z/OS to Windows. Assuming that you used the sample OpenSSL certs, converted them to PCSK12, and imported them to the IBM System SSL database.
3. Replaced the cassl.pem and casslkey.pem on Windows, in the %XCOM_HOME%\ssl\certs and %XCOM_HOME%\ssl\private directories, with the pem files from z/OS.
4. Run the makeclient and makeserver scripts on Windows.
5. Perform a loopback on Windows and then try the transfer from z/OS to Windows