When we change the value to NO for the parameters in the VERIFY_CERTIFICATE section of the SYSconfigssl.cnf:
INITIATE_SIDE = NO
RECEIVE_SIDE = NO
The System SSL transfers fail with messages:
XCOMM0812I SECURE TCP/IP REMOTE CONNECTION REQUESTED FROM IP=ipaddress
XCOMM0780E Txpi 410: TxpiSystemSSLConfig Syntax error Element nb: 28 Section =<VERIFY_CERTIFICATE> Parameter = <INITIATE_SIDE>
XCOM r12.0 with IBMâ€™s System SSL configured.
VERIFY_CERTIFICATE has three possible valid settings:
"YES" uses default validation as configured in your System SSL region. "RFC2459" uses the validation protocol as defined in the RFC2459 standard as published by the IEFT organization. "RFC3280" uses the validation protocol as defined in the RFC3280 standard as published by the IEFT.
The value of "NO" has been SPECIFICALLY EXCLUDED in the validation code. This means that certificate validation cannot be disabled for XCOM's implementation of System SSL.
The comments for the VERIFY_CERTIFICATE section provided in the SYSconfigssl.cnf file is incorrect. The comment currently states:
# OPTIONAL, the following specifies if CA XCOM needs to verify the certificate (YES/NO).
The comment will be corrected in a future release.