Using CA certificates with CA XCOM for Windows getting certificate unknown
search cancel

Using CA certificates with CA XCOM for Windows getting certificate unknown

book

Article ID: 46118

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM Data Transport - Linux PC XCOM Data Transport - z/OS

Issue/Introduction

When testing a loopback transfer using a Microsoft CA, the following messages are displayed:

TID=REMOTE PRG=xcomtcp PID=1234 IP=127.0.0.1:65109 
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown +++ SSL alert number 46> value = 0: 

TID=000029 PRG=xcomtcp PID=98772 IP=127.0.0.1 PORT=8045 
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295:



  

Environment

Release: CA XCOM Data Transport
OPENSSL

Cause

Certificates were not placed correctly.

Resolution

Use the 'openssl verify' utility to test the certificates.

Here is how the certificates should be placed:

The ca_certs.cer goes in both the INITIATE_SIDE and RECEIVE_SIDE of the [CA] section

The folder that holds ca_certs.cer goes in both the INITIATE_SIDE and RECEIVE_SIDE of the [CA_DIRECTORY] section

The client.cer goes in the INITIATE_SIDE of the CERTIFICATE section

The server.cert goes in the RECEIVE_SIDE of the CERTIFICATE section

The files containing the respective private keys go to the [PRIVATEKEY] section