When sending from the mainframe to Linux or UNIX, the following message is displayed:
XCOMU0780E Txpi 308: TxpiInitSSL Failed msg = <error:14094415:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate expired +++ SSL alert number
45> value = 0:
A loopback transfer on Linux or UNIX side generates this message:
XCOMU0298E Unable to allocate remote transaction program: Txpi 215:rv=9
One or more of the certificates has expired.
The problem is on the UNIX or Linux side because the error message has a U in the 5th position indicating where the error originated.
Here is how to do this if you are using the sample certificates:
Backup the current root certificate and key
These are the private/casslkey.pem and certs/cassl.pem files. You must save these because these files must match on both partners (and on all the partners sending SSL files to one another).
Delete the current certificates
Before you regenerate the certificates, you must delete the existing certificates.
** Be very careful with this **
Manually delete the CERTS & PRIVATE subdirectories that are in the SSL subdirectory under your XCOM install directory.
You also need to delete the following files:
all index.* files in the SSL subdirectory
all serial.* files in the SSL subdirectory
the random.pem file in the SSL subdirectory
Set the parameters for the new expiration date
To do this, you specify how long, in days, the certificate will be valid.
For example, to extend the certificates for 1 year, do the following. (You may also choose any other time period you want, for example, 2 years, 10 years.)
Edit the parameter "default_days=" in the [CA-XCOM] section of the cassl.conf file and set to 365. Save the cassl.conf file.
Modify makeca.bat also to add -day 365 at the end of the OPENSSL command:Openssl req x509 newkey rsa out ./certs/cassl.pem outform PEM -days 365
Create the Certificate Authority certificate.
Restore the original root certificate and key
Copy the saved casslkey.pem to the private directory and the cassl.pem file to the certs directory. This will overlay the dummy casslkey.pem and cassl.pem files that makeca just created.
Run makeclient, makeserver
Run the makeclient and makeserver scripts again to regenerate the certificates with the new expiration date