Trying to implement the root certificate from XCOM for Windows server1 on XCOM for Windows server2
Have previously run these 3 scripts on both servers: makeca, makeclient and makeserver.
Have now:
1. Deleted all files on server2 under directories %XCOM_HOME%\ssl\certs and %XCOM_HOME%\ssl\private
2. Copied the certificate files cassl.pem (certs directory) and casslkey.pem (private directory) from server1 to the corresponding directories on server2.
3. When running the makeclient script on server2 from a command prompt, receive this message:
===
C:\Program Files\CA\XCOM\Ssl>makeclient
">>>>> Generating the sample client certificate..."
">>>>> Generating the client cert request..."
">>>>> Setting OPENSSL_CONF variable..."
Generating a 1024 bit RSA private key
...........................++++++
...................++++++
writing new private key to 'C:\Program Files\CA\XCOM\ssl\private\clientkey.pem'
-----
">>>>> Generating the client cert..."
Using configuration from C:\Program Files\CA\XCOM\\ssl\\cassl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'CA-XCOM Data Transport SSL Client'
localityName :ASN.1 12:'clientssl_City'
stateOrProvinceName :ASN.1 12:'clientssl_State'
countryName :PRINTABLE:'US'
organizationName :ASN.1 12:'clientssl_Company'
organizationalUnitName:ASN.1 12:'clientssl_Unit'
name :ASN.1 12:'clientssl_Name'
title :ASN.1 12:'clientssl_Title'
description :ASN.1 12:'clientssl_Description'
emailAddress :IA5STRING:'clientssl-ca_xcom@ca.com'
Certificate is to be certified until Aug 8 23:51:36 2024 GMT (365 days)
failed to update database
TXT_DB error number 2
===
Note the last 2 lines:
failed to update database
TXT_DB error number 2
Although the file private\clientkey.pem was created with a non-zero size, the file certs\clientcert.pem was created with zero bytes.
Tried to delete the index.txt and serial files, but makeclient would then complain they were missing and would not execute.
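"TXT_DB error number 2" is the OpenSSL CA database's index-clash error: "openssl ca" refuses to insert a new row into index.txt when it collides with an existing one, normally a still valid entry for the same subject (the XCOM scripts always sign the same distinguished name) or a serial number that has already been issued. The following script, an added example and not part of the XCOM scripts, parses an index.txt left behind by an earlier makeclient run and reports whether signing the client subject again would clash. It assumes the standard OpenSSL text database layout (six tab-separated fields per line) with unique_subject at its default of yes; the sample index line and subject are constructed from the DN placeholders visible in the makeclient output above, with some DN components omitted.

```python
"""Inspect an OpenSSL CA database (index.txt) for the index clash that makes
"openssl ca" abort with "failed to update database / TXT_DB error number 2".

Added example, not one of the XCOM scripts. Assumptions: index.txt is the
standard OpenSSL text database (six tab-separated fields per line) and
unique_subject is left at its default of "yes", so a second *valid*
(status V) entry with the same subject is refused; a reused serial number
is refused regardless of status.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path

INDEX_FIELDS = 6  # status, expiry, revocation date, serial, filename, subject


@dataclass(frozen=True)
class IndexEntry:
    status: str    # 'V' valid, 'R' revoked, 'E' expired
    expiry: str    # YYMMDDHHMMSSZ (UTC)
    revoked: str   # revocation date, empty unless status is 'R'
    serial: str    # serial number, upper-case hex
    filename: str  # certificate file name, normally 'unknown'
    subject: str   # subject DN in OpenSSL one-line form: /C=US/ST=.../CN=...


def parse_index(text: str) -> list[IndexEntry]:
    """Parse the contents of index.txt; raise on a malformed line."""
    entries: list[IndexEntry] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate a trailing blank line
        fields = line.split("\t")
        if len(fields) != INDEX_FIELDS:
            raise ValueError(
                f"index.txt line {lineno}: expected {INDEX_FIELDS} "
                f"tab-separated fields, got {len(fields)}"
            )
        entries.append(IndexEntry(*fields))
    return entries


def find_clashes(entries: list[IndexEntry], subject: str, next_serial: str) -> list[str]:
    """Return the reasons why signing a request for `subject` with serial
    `next_serial` would clash with the existing database (empty list = OK)."""
    problems: list[str] = []
    # Only valid entries take part in the unique-subject check.
    valid_by_subject = {e.subject: e for e in entries if e.status == "V"}
    if subject in valid_by_subject:
        hit = valid_by_subject[subject]
        problems.append(
            f"valid certificate with the same subject already issued "
            f"(serial {hit.serial}, expires {hit.expiry})"
        )
    # Serial numbers must be unique across all entries, whatever their status.
    serial = next_serial.strip().upper()
    if serial in {e.serial.upper() for e in entries}:
        problems.append(f"serial {serial} already present in index.txt")
    return problems


def check_ca_database(ssl_dir: Path, subject: str) -> list[str]:
    """Read index.txt and serial from %XCOM_HOME%\\ssl and report clashes."""
    index_path = ssl_dir / "index.txt"
    serial_path = ssl_dir / "serial"
    if not index_path.is_file() or not serial_path.is_file():
        # makeclient refuses to run when either file is missing.
        return [f"CA database incomplete: need both {index_path} and {serial_path}"]
    entries = parse_index(index_path.read_text(encoding="ascii"))
    return find_clashes(entries, subject, serial_path.read_text(encoding="ascii"))


# Constructed sample: one index.txt row left behind by an earlier makeclient run
# (expiry matches "Aug 8 23:51:36 2024 GMT"); DN shortened for readability.
CLIENT_SUBJECT = (
    "/C=US/ST=clientssl_State/L=clientssl_City/O=clientssl_Company"
    "/OU=clientssl_Unit/CN=CA-XCOM Data Transport SSL Client"
)
SAMPLE_INDEX = "V\t240808235136Z\t\t02\tunknown\t" + CLIENT_SUBJECT + "\n"


def demo() -> list[str]:
    """Re-signing the sample client subject against the stale index clashes."""
    return find_clashes(parse_index(SAMPLE_INDEX), CLIENT_SUBJECT, "03")


if __name__ == "__main__":
    for problem in demo() or ["no clash: index.txt is clean for this subject"]:
        print(problem)
```

Run check_ca_database(Path(r"C:\Program Files\CA\XCOM\ssl"), subject) with the full one-line subject before re-running makeclient; an empty list means the database will accept the new row. Revoked or expired rows do not block the subject, which is why the resolution below removes the index and serial files and lets makeca recreate them rather than editing rows by hand.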
As the 3 scripts had already been run on server2, a file cleanup is required first, before running the makeca script and then replacing the server2 certificate files with the ones from server1.
Detailed steps:
1. On server2, delete these files/directories:
- certs and private directories in the %XCOM_HOME%\ssl directory
- all index* files in the %XCOM_HOME%\ssl directory
- all serial* files in the %XCOM_HOME%\ssl directory
- random.pem file in the %XCOM_HOME%\ssl directory
2. On server2, run only the makeca script.
This will recreate the certs and private directories and the cassl.pem (certs) and casslkey.pem (private) files.
Delete those two newly created files.
3. Copy the files cassl.pem (certs directory) and casslkey.pem (private directory) from server1 to the corresponding directories on server2.
4. On server2, run the makeclient and makeserver scripts.
5. On server2, run the listca, listclient and listserver scripts to view and check the certificates.
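The following script, an added example rather than one of the XCOM scripts, automates the clean-up in step 1 and then checks the outcome of steps 3 and 4 by reporting any expected certificate or key file that is missing or zero bytes long (the clientcert.pem symptom from the issue). It assumes the directory layout shown on this page (%XCOM_HOME%\ssl with certs\ and private\ sub-directories, index*, serial* and random.pem files); running makeca, makeclient and makeserver is left to the XCOM scripts themselves. The demo() function builds a constructed copy of a stale ssl directory in a temporary folder so the script can be run without touching a real installation.

```python
"""Step 1 clean-up and post-run verification for %XCOM_HOME%\\ssl.

Added example, not one of the XCOM scripts. Assumes the layout described on
the page; pathlib keeps it portable, so it runs on Windows or elsewhere.
"""
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path

# Exactly the items step 1 of the resolution says to remove from %XCOM_HOME%\ssl.
CLEANUP_DIRS = ("certs", "private")
CLEANUP_GLOBS = ("index*", "serial*", "random.pem")

# Files that must exist and be non-empty after the CA files have been copied
# from server1 (step 3) and makeclient has run (step 4).
EXPECTED_FILES = (
    Path("certs") / "cassl.pem",
    Path("private") / "casslkey.pem",
    Path("certs") / "clientcert.pem",
    Path("private") / "clientkey.pem",
)


def plan_cleanup(ssl_dir: Path) -> list[Path]:
    """List what step 1 would delete, without touching anything."""
    targets = [ssl_dir / d for d in CLEANUP_DIRS if (ssl_dir / d).is_dir()]
    for pattern in CLEANUP_GLOBS:
        targets.extend(p for p in ssl_dir.glob(pattern) if p.is_file())
    return sorted(targets)


def apply_cleanup(ssl_dir: Path, dry_run: bool = True) -> list[Path]:
    """Perform step 1, or only report it when dry_run is True (the default)."""
    targets = plan_cleanup(ssl_dir)
    if not dry_run:
        for target in targets:
            if target.is_dir():
                shutil.rmtree(target)
            else:
                target.unlink()
    return targets


def verify_certificates(ssl_dir: Path) -> list[str]:
    """Report expected certificate/key files that are missing or zero bytes."""
    problems: list[str] = []
    for rel in EXPECTED_FILES:
        path = ssl_dir / rel
        if not path.is_file():
            problems.append(f"missing: {rel.as_posix()}")
        elif path.stat().st_size == 0:
            problems.append(f"zero bytes: {rel.as_posix()}")
    return problems


def demo() -> dict[str, list[str]]:
    """Constructed stale ssl tree in a temp dir: verify, clean up, report."""
    with tempfile.TemporaryDirectory() as tmp:
        ssl_dir = Path(tmp)
        (ssl_dir / "certs").mkdir()
        (ssl_dir / "private").mkdir()
        (ssl_dir / "certs" / "cassl.pem").write_text("constructed CA cert\n")
        (ssl_dir / "private" / "casslkey.pem").write_text("constructed CA key\n")
        (ssl_dir / "private" / "clientkey.pem").write_text("constructed client key\n")
        (ssl_dir / "certs" / "clientcert.pem").write_bytes(b"")  # the zero-byte symptom
        for name in ("index.txt", "index.txt.attr", "index.txt.old",
                     "serial", "serial.old", "random.pem", "cassl.conf"):
            (ssl_dir / name).write_text("constructed placeholder\n")
        problems_before = verify_certificates(ssl_dir)
        removed = [p.name for p in apply_cleanup(ssl_dir, dry_run=False)]
        left_behind = sorted(p.name for p in ssl_dir.iterdir())
        return {"removed": removed, "problems_before": problems_before,
                "left_behind": left_behind}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against a real installation, call apply_cleanup(Path(r"C:\Program Files\CA\XCOM\ssl")) first to see the list, then again with dry_run=False; cassl.conf is deliberately left in place because the scripts need it. After steps 3 and 4, an empty result from verify_certificates is the expected state before running the list scripts and the xcomtcp ping test.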
Test the SSL handshake from server1 to server2 using the command:
"%XCOM_HOME%\xcomtcp" -ping REMOTE_SYSTEM=server2 PORT=8045 SECURE_SOCKET=YES TRNENCRL_CIPHER=ALL
The result should be similar to this:
Copyright (c) 2012 CA. All rights reserved.
XCOMN0882I PING INFO FOR server2
XCOMN0882I RELEASE=r11.6 SP03 GEN LEVEL 22073 SYSTEM NAME=server2 SYSTEM ID=win2
XCOMN0882I NEGOTIATED CIPHER=XCOM
If errors still occur, add the "-t" parameter to the above command to get more trace output, i.e.
"%XCOM_HOME%\xcomtcp" -t -ping REMOTE_SYSTEM=server2 PORT=8045 SECURE_SOCKET=YES TRNENCRL_CIPHER=ALL
Also, check the %XCOM_HOME%\xcom.log files on server1 and server2.