XCOM certificate change impact on the started task
Article ID: 369265
Products
XCOM Data Transport - z/OS, XCOM Data Transport, XCOM Data Transport - Linux PC, XCOM Data Transport - Windows
Issue/Introduction
The z/OS digital certificates used by XCOM for secure SSL transfers are getting renewed. The security team are updating the certificates in the keyring that the XCOM SSL config file is using. Please provide advice on:
Does the XCOM started task (STC) need to be restarted after the certificate renewal?
What is the best practice to follow for SSL file transfer verification after the certificate renewal?
Resolution
The certificate renewal is dynamic as far as XCOM is concerned. The XCOM SSL config file designated by the XCOM CONFIG parameter XCOM_CONFIG_SSL (e.g. SYSconfigssl.cnf) is read every time an SSL transfer is executed, so even if that file changes, the XCOM STC does not need to be restarted to pick up the changes. (In this particular scenario the file is not even being touched; only the keyring it references is being updated with new certificates.)
After making certificate changes, the normal best practice is to run a secure (SSL) loopback test on the z/OS system, i.e. a transfer that uses the local IP (127.0.0.1) for the IPNAME. If that is successful, proceed to run one of the standard SSL transfers to an XCOM partner.
Additional Information
NOTE: The XCOM behaviour of re-reading the SSL config file for every SSL transfer is the same on all OS platforms.