When the values are changed to NO for the parameters in the VERIFY_CERTIFICATE section of the SYSconfigssl.cnf:
[VERIFY_CERTIFICATE]
INITIATE_SIDE = NO
RECEIVE_SIDE = NO
System SSL transfers fail with messages:
XCOMM0812I SECURE TCP/IP REMOTE CONNECTION REQUESTED FROM IP=ipaddress
XCOMM0780E Txpi 410: TxpiSystemSSLConfig Syntax error Element nb: 28 Section =<VERIFY_CERTIFICATE> Parameter = <INITIATE_SIDE>
XCOM r12.0 with IBM's System SSL configured.
The value of "NO" has been SPECIFICALLY EXCLUDED in the validation code. This means that certificate validation cannot be disabled for XCOM's implementation of System SSL.
VERIFY_CERTIFICATE has three possible valid settings:
YES
RFC2459
RFC3280
"YES" uses default validation as configured in your System SSL region. "RFC2459" uses the validation protocol as defined in the RFC2459 standard as published by the IEFT organization. "RFC3280" uses the validation protocol as defined in the RFC3280 standard as published by the IEFT.
The value of "NO" has been SPECIFICALLY EXCLUDED in the validation code. This means that certificate validation cannot be disabled for XCOM's implementation of System SSL.
The comments for the VERIFY_CERTIFICATE section provided in the SYSconfigssl.cnf file are incorrect. The comment currently states:
# OPTIONAL, the following specifies if CA XCOM needs to verify the certificate (YES/NO).
The comment will be corrected in a future release.