XCOMM0780E Txpi  410: TxpiSystemSSLConfig with IBM System SSL with XCOM r12.0
search cancel

XCOMM0780E Txpi  410: TxpiSystemSSLConfig with IBM System SSL with XCOM r12.0

book

Article ID: 4379

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

When the values are changed to NO for the parameters in the VERIFY_CERTIFICATE section of the SYSconfigssl.cnf:

   [VERIFY_CERTIFICATE]

   INITIATE_SIDE = NO 

   RECEIVE_SIDE  = NO 

System SSL transfers fail with messages:

XCOMM0812I SECURE TCP/IP REMOTE CONNECTION REQUESTED FROM IP=ipaddress

XCOMM0780E Txpi  410: TxpiSystemSSLConfig Syntax error Element nb: 28 Section =<VERIFY_CERTIFICATE> Parameter = <INITIATE_SIDE>


Environment

XCOM r12.0 with IBM's System SSL configured.

Cause

The value of "NO" has been SPECIFICALLY EXCLUDED in the validation code. This means that certificate validation cannot be disabled for XCOM's implementation of System SSL.

Resolution

VERIFY_CERTIFICATE has three possible valid settings:

YES

RFC2459

RFC3280

"YES" uses default validation as configured in your System SSL region. "RFC2459" uses the validation protocol as defined in the RFC2459 standard as published by the IEFT organization. "RFC3280" uses the validation protocol as defined in the RFC3280 standard as published by the IEFT.

The value of "NO" has been SPECIFICALLY EXCLUDED in the validation code. This means that certificate validation cannot be disabled for XCOM's implementation of System SSL.

 

Additional Information

 

The comments for the VERIFY_CERTIFICATE section provided in the SYSconfigssl.cnf file are incorrect. The comment currently states:

# OPTIONAL, the following specifies if CA XCOM needs to verify the certificate (YES/NO).

The comment will be corrected in a future release.