Renewal of OpenSSL certificate for use by XCOM for z/OS
search cancel

Renewal of OpenSSL certificate for use by XCOM for z/OS

book

Article ID: 6857

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM Data Transport - Linux PC XCOM Data Transport - z/OS

Issue/Introduction

We need to renew the OpenSSL certificates used with CA XCOM for z/OS that will expire next month. What would be the procedure to follow?

Environment

XCOM™ Data Transport® for z/OS

Resolution

If you used the XCOM sample "make" scripts to generate your SSL certificates for z/OS you will need to: 

  1. Backup your ssl directory and configssl.cnf 
  2. Remove all the files and/or directories: 
    1. all index.* files 
    2. all serial and serial.* files 
    3. the certs and private directories 
    4. the random.pem file 
  3. Set your new expiration dates in your cassl.conf file, parameter "default_days=" and modify the "makeca" scripts OPENSSL command:            Openssl req x509 newkey rsa out ./certs/cassl.pem outform PEM -days nnn where "nnn" is the number of days you want to certificate to be valid
     for. See Prepare the CA, Client and Server Certificates in our online documentation.
  4. Run the makeca, makeclient, makeserver scripts.
  5. Run the listca, listclient, listserver scripts to verify your expiration dates 
  6. Run a loopback transfers to make sure the certificates are valid. 

The above instructions are only valid if you used our sample "make" scripts. If your certificates were acquired via a third party vendor then you need to check with your Security Admin for those procedures. 

Additional Information

You may find similar Knowledge Documents for XCOM for Windows/Linux/Unix while searching for related documents.

Powered by Wolken Software