Creating sample SSL certificates for a Basic Loopback Test for XCOM For WINDOWS

Article ID: 27876

Products

XCOM Data Transport, XCOM Data Transport - Windows

Issue/Introduction

This article describes how to create sample SSL certificates for a basic loopback test with XCOM for Windows, with a reference to the documentation.

Environment

XCOM™ Data Transport® for Windows

Resolution

Do not edit the SSL configuration files cassl.conf, clientssl.conf or serverssl.conf.

  1. From your DOS prompt:

  2. Change directory to C:\Program Files\CA\XCOM\ssl or the directory you installed into.

  3. Run makeca followed by makeclient and makeserver.

  4. This creates the certs and private subdirectories under the ssl directory.

  5. The scripts produce the following files:

    1. makeca: random.pem, certs/cassl.pem and private/casslkey.pem

    2. makeclient: certs/clientcert.pem and private/clientkey.pem

    3. makeserver: certs/servercert.pem and private/serverkey.pem

  6. If you did not use the default path when creating the certificates, edit the
    following parameters in the configssl.cnf and change them to conform to the
    correct path.

         # Mandatory
         [CA]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\cassl.pem
         RECEIVE_SIDE = c:\xcomnt\ssl\certs\cassl.pem

         # Mandatory
         [CA_DIRECTORY]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs
         RECEIVE_SIDE = C:\Program Files\CA\XCOM\ssl\certs

         # Mandatory
         [CERTIFICATE]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\clientcert.pem
         RECEIVE_SIDE = c:\xcomnt\ssl\certs\servercert.pem

         # Mandatory
         [PRIVATEKEY]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\private\clientkey.pem
         RECEIVE_SIDE = C:\Program Files\CA\XCOM\ssl\private\serverkey.pem

         [RANDOM]
         INITIATE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem
         RECEIVE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem

  7. Set XCOM_SHOW_CIPHER=YES in the xcom.glb file, then stop and start xcomd. This allows you to check the encryption key used for the transfer when you issue the following command:

         xcomqm -Dtid

  8. From the GUI, make the following changes:

    1. Change the PORT from 8044 to 8045 since that is the default port for SSL.

    2. Check that the Secure Socket option is selected.

    3. Make sure that the Secure Socket File has the correct path for the configssl.cnf.

  9. At this point, you can perform a loopback transfer using SSL on your machine.
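
A path check for step 6, as an added example that is not part of the original article or of XCOM: it compares each configssl.cnf entry with the file that step 5 says the make scripts write under the chosen ssl directory. It assumes the file uses `[SECTION]` headers with `KEY = value` lines, as the listing in step 6 suggests; `check_configssl`, `EXPECTED` and `SAMPLE_CNF` are hypothetical names, and the sample text is constructed from the values in step 6.

```python
import configparser
import ntpath  # Windows path rules on any OS, so the check runs offline

# Values as listed in step 6 of this article; the section layout is an assumption.
SAMPLE_CNF = r"""
[CA]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\cassl.pem
RECEIVE_SIDE = c:\xcomnt\ssl\certs\cassl.pem
[CA_DIRECTORY]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs
RECEIVE_SIDE = C:\Program Files\CA\XCOM\ssl\certs
[CERTIFICATE]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\clientcert.pem
RECEIVE_SIDE = c:\xcomnt\ssl\certs\servercert.pem
[PRIVATEKEY]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\private\clientkey.pem
RECEIVE_SIDE = C:\Program Files\CA\XCOM\ssl\private\serverkey.pem
[RANDOM]
INITIATE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem
RECEIVE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem
"""

# File each entry should name, relative to the ssl directory (from step 5).
EXPECTED = {
    "CA": {"INITIATE_SIDE": r"certs\cassl.pem", "RECEIVE_SIDE": r"certs\cassl.pem"},
    "CA_DIRECTORY": {"INITIATE_SIDE": "certs", "RECEIVE_SIDE": "certs"},
    "CERTIFICATE": {"INITIATE_SIDE": r"certs\clientcert.pem", "RECEIVE_SIDE": r"certs\servercert.pem"},
    "PRIVATEKEY": {"INITIATE_SIDE": r"private\clientkey.pem", "RECEIVE_SIDE": r"private\serverkey.pem"},
    "RANDOM": {"INITIATE_SIDE_FILE": "random.pem", "RECEIVE_SIDE_FILE": "random.pem"},
}

def _canon(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def check_configssl(cnf_text, ssl_dir):
    """Return (section, key, found) for each entry not naming the expected file under ssl_dir."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep INITIATE_SIDE / RECEIVE_SIDE in upper case
    cp.read_string(cnf_text)
    findings = []
    for section, keys in EXPECTED.items():
        for key, rel in keys.items():
            found = cp.get(section, key, fallback=None)
            if found is None:
                findings.append((section, key, "missing"))
            elif _canon(found) != _canon(ntpath.join(ssl_dir, rel)):
                findings.append((section, key, found.strip()))
    return findings
```

Calling `check_configssl(SAMPLE_CNF, r"C:\Program Files\CA\XCOM\ssl")` reports the two RECEIVE_SIDE entries that name c:\xcomnt\ssl; an empty list means every entry names a file under the directory you passed in.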

Additional Information

See the section "Create the TLS/SSL Certificates" in the online documentation.