Creating SSL certificates for a Basic Loopback Test for UNIX or Linux

Article ID: 27692

Updated On:

Products

XCOM Data Transport - Linux PC

Issue/Introduction

How can I create SSL certificates to test with XCOM?

Environment

XCOM™ Data Transport® for UNIX/Linux PC

Resolution

Do not edit the SSL configuration files: cassl.conf, clientssl.conf or serverssl.conf.

From your prompt:

  1. Change directory to /usr/spool/xcom/ssl
  2. Run makeca, followed by makeclient and makeserver.
  3. This creates "certs" and "private" subdirectories under the SSL directory.
  4. The scripts produce the following files:

    a. makeca: random.pem, certs/cassl.pem and private/casslkey.pem

    b. makeclient: certs/clientcert.pem and private/clientkey.pem

    c. makeserver: certs/servercert.pem and private/serverkey.pem
  5. If you did not use the default path when creating the certificates, edit the following parameters in configssl.cnf so that they point to the correct paths.
    # Mandatory [CA]
    INITIATE_SIDE = /usr/spool/xcom/ssl/certs/cassl.pem
    RECEIVE_SIDE = /usr/spool/xcom/ssl/certs/cassl.pem
    # Mandatory [CA_DIRECTORY]
    INITIATE_SIDE = /usr/spool/xcom/ssl/certs
    RECEIVE_SIDE = /usr/spool/xcom/ssl/certs
    # Mandatory [CERTIFICATE]
    INITIATE_SIDE = /usr/spool/xcom/ssl/certs/clientcert.pem
    RECEIVE_SIDE = /usr/spool/xcom/ssl/certs/servercert.pem
    # Mandatory [PRIVATEKEY]
    INITIATE_SIDE = /usr/spool/xcom/ssl/private/clientkey.pem
    RECEIVE_SIDE = /usr/spool/xcom/ssl/private/serverkey.pem
    [RANDOM]
    INITIATE_SIDE_FILE = /usr/spool/xcom/ssl/random.pem
    RECEIVE_SIDE_FILE = /usr/spool/xcom/ssl/random.pem
  6. Set XCOM_SHOW_CIPHER to YES in the xcom.glb file, then stop and start xcomd. This will allow you to check the encryption key used for the transfer when you issue:
         xcomqm -Dtid
  7. At this point, you can perform a loopback transfer using SSL on your machine. See XCOM UNIX/Linux install verification with loopback transfer test if you need information on how to do a loopback transfer.
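
A check that can be run after step 5 and before restarting xcomd, as an added example that is not part of the original article or the product: it reads configssl.cnf, confirms that every INITIATE_SIDE/RECEIVE_SIDE path exists, and flags private keys that are accessible to group or other. The function name `check_sslconf`, the line format it parses (taken from the excerpt in step 5) and the owner-only policy for key files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes configssl.cnf uses "NAME = /path" lines
# and bracketed section tags (possibly on a comment line), as in the excerpt above.
check_sslconf() {
    conf=$1; section=""; problems=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in                       # remember the latest [SECTION] tag
            *\[*\]*) section=${line#*\[}; section=${section%%\]*}; continue ;;
        esac
        case $line in                       # only *_SIDE assignments carry paths
            \#*) continue ;;
            *INITIATE_SIDE*=*|*RECEIVE_SIDE*=*) ;;
            *) continue ;;
        esac
        name=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        path=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$section" = "CA_DIRECTORY" ]; then
            [ -d "$path" ] || { echo "[$section] $name: no such directory: $path"; problems=$((problems + 1)); }
            continue
        fi
        if [ ! -f "$path" ]; then
            echo "[$section] $name: no such file: $path"; problems=$((problems + 1))
            continue
        fi
        if [ "$section" = "PRIVATEKEY" ]; then
            # Characters 5-10 of the ls mode string are the group and other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            [ "$perms" = "------" ] || {
                echo "[$section] $name: key accessible to group/other: $path"
                problems=$((problems + 1)); }
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# Run against the file named on the command line, if one is given.
if [ $# -gt 0 ]; then check_sslconf "$1"; fi
```

The function returns 0 when every path resolves and the key files are owner-only, 1 when it reports a problem, and 2 when the configuration file cannot be read.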