Internal XCOM error "Txpi 308: TxpiInitSSL Failed" with text "key values mismatch"
search cancel

Internal XCOM error "Txpi 308: TxpiInitSSL Failed" with text "key values mismatch"


Article ID: 236365


Updated On:


XCOM Data Transport


During initialization of an encrypted XCOM transfer using the underlying crypto software OpenSSL, the following error message might arise. The example showed up in Windows, but the internal message Txpi 308 may arise in any platform using OpenSSL

XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch> value = 0

What does this message mean and how to deal with it?



Release : 11.6

Component : XCOM Data Transport for Windows


The text within angles originates in OpenSSL and means that the pair of keys passed by XCOM (the public key, also known as 'certificate', and the private key) don't have the mathematical relationship which they must have in order to be used for cryptography.

These keys are stored in files which are referred to in the SSL configuration file, which in turn is referred to in parameter XCOM_CONFIG_SSL= of global XCOM parameters file xcom.glb

Sections [CERTIFICATE] and [PRIVATEKEY] in the SSL config file name the files containing the certificate and the private key respectively.. When XCOM initiates a transfer, the files used are named in the INITIATE_SIDE parameters, and files named in the RECEIVE_SIDE parameters are used when XCOM processes an incoming connection.


The keys specified in CERTIFICATE and PRIVATEKEY must match. If the correct files cannot be identified, then a new key pair needs to be generated or purchased. There is no other option.

It is possible to check manually whether the keys match using the OpenSSL utility (which is delivered with XCOM) to compute their modulus. The keys match if they have the same exact modulus.

For a file containing a certificate, the command is:                          
   openssl x509 -noout -modulus -in certificate_file | openssl md5

For a file containing a private key, the command is                           
   openssl rsa -noout -modulus -in private_key_file | openssl md5


The second part of each command (openssl md5) is not actually required, but it is very useful. It computes the md5 checksum from the modulus (which is a very long number) for ease of compare.