XCOMM1512E System SSL XCOM_CONFIG_SSL error
search cancel

XCOMM1512E System SSL XCOM_CONFIG_SSL error

book

Article ID: 274620

calendar_today

Updated On:

Products

XCOM Data Transport - z/OS

Issue/Introduction

After applying PTF LU07625 secured transfers are failing with message:

XCOMM1512E System SSL XCOM_CONFIG_SSL error. One or more verify criteria were not met.

The value of parameter XCOM_CONFIG_SSL was verified and the parameter in the SYSconfigssl.cnf file has the proper values. 

Environment

Release : 12.0

XCOM Data Transport for z/OS

Cause

After the removal of the ETPKI from the file, LU07625 also addressed the functions to read and parse the System SSL configuration file.

Resolution

In this specific case, please comment out the HOST_NAME function section from the SYSconfigssl.cnf file, since there is no HOST_NAME value to match in the SSL certificate. 

If there is a [HOSTNAME] section in the SSL config file, then System SSL expects that there will at least be some HOSTNAME in the certificates being used. 

If INITIATE_SITE and/or RECEIVE_SITE are blank, it will match any HOSTNAME, but there must be one in the certificate. That is why removing [HOSTNAME] from the SSL config makes the secured transfer work. That tells us that the certificate being used does not have any HOSTNAMEs in them.

[HOSTNAME] in the SSL config file on z/OS only applies to how z/OS will match HOSTNAMEs in certificates. It does not impact other partners because that information is only compared in the Local system. It is not transmitted over the network.

So, you don't want to specify any function/parameter in the SYSconfigssl.cnf file that does not have a match in the certificate.

Additional Information

XCOM™ Data Transport® for z/OS 12.0 > Administrating > Implement System SSL> Configure the System SSL Configuration File