Setting up XCOM partners to use the same root certificate

Article ID: 9506

Products

XCOM Data Transport, XCOM Data Transport - Windows, XCOM Data Transport - Linux PC, XCOM Data Transport - z/OS

Issue/Introduction

How to create certificates on an XCOM partner server using the same root certificate. These directions use the sample certificates and make files we provide. They also cover how to move the root certificates from platform to platform.

Resolution

Once you have created the root certificate on your machine, you can create certificates using that root for your partners. The files required for the root certificate are cassl.pem and casslkey.pem.

  1. Go to the partner system.

  2. Edit the configssl.cnf, cassl.conf, clientssl.conf, and serverssl.conf configuration files and specify the directory path for this machine.

  3. On the partner system, run makeca only. This creates the CERTS and PRIVATE directories with the cassl.pem and casslkey.pem files.
    NOTE: You must run makeca on this machine because it generates the random.pem file. Without that file, the file transfers will not work.

  4. Now you can perform an XCOM transfer from that partner to RECEIVE the cassl.pem and casslkey.pem files from your machine; they will overwrite the ones created in the previous step. This is a non-SSL transfer and the encoding should be BINARY or ASCII (see Special Considerations when Transferring the Root Certificate below).
    Alternatively, you can use FTP to transfer the files from the machine on which you created them.

  5. Run the listca script to verify that the certificate files were transferred correctly.

  6. Run the makeclient and makeserver scripts.

  7. Run the list scripts, listserver and listclient, to verify the certificates.

NOTE: You need to repeat this procedure for every partner that will be sending and receiving encrypted transfers.

 

Special Considerations when Transferring the Root Certificate

The end of line sequence is different on Windows than on UNIX and Linux.

If the partners are UNIX or Linux and z/OS, create the cassl.pem and casslkey.pem files first on UNIX or Linux. This way you can transfer them from UNIX or Linux in ASCII mode. The files are in text mode and they will transfer successfully.

If the partners are Windows and z/OS and you create the certificates initially on Windows, you will need to do the following:

  1. Open the cassl.pem file to be sent in Wordpad.

  2. In Wordpad, do a File/Save As. Give the certificate a new name and save it in text format. You will get a message that the file is being written in a text-only format; answer YES/OK to continue.

  3. Wordpad will also append a .txt extension to the saved certificate.

  4. Repeat for the casslkey.pem file.

  5. Once you have saved the certificate files, you can transfer them to z/OS as ASCII files.

NOTE: This is required because the Windows certificates have an end of line sequence which is a carriage return, linefeed (x0D x0A). With Unix or Linux there is an end of line character which is linefeed (x0A). So, before you send the certificates to z/OS you need to use some utility that will convert the linefeeds to carriage return line feeds. In the example above, it is the Windows Wordpad Utility.
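
The following is an added example, not part of the original article or of the XCOM sample scripts. It reports which end-of-line sequence a copy of cassl.pem or casslkey.pem uses and compares two copies by hashing the decoded PEM payload, so a copy whose line endings were converted in transit still matches while a truncated one does not. The function names and the sample data are constructed for illustration, and the check supplements listca rather than replacing it.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def line_endings(data: bytes) -> str:
    """Classify the end-of-line sequence used in a file's raw bytes."""
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf
    if crlf and lf:
        return "mixed"
    if crlf:
        return "CRLF"
    return "LF" if lf else "none"


def pem_fingerprints(data: bytes) -> list:
    """Return (label, SHA-256 of the decoded body) for each PEM block."""
    results = []
    for label, body in PEM_BLOCK.findall(data):
        # Skip RFC 1421 header lines (Proc-Type, DEK-Info) that a
        # passphrase-protected key carries; base64 never contains ':'.
        b64 = b"".join(ln.strip() for ln in body.splitlines() if b":" not in ln)
        raw = base64.b64decode(b64, validate=True)  # raises on a corrupt body
        results.append((label.decode(), hashlib.sha256(raw).hexdigest()))
    return results


def same_material(local: bytes, remote: bytes) -> bool:
    """True when both copies hold identical PEM payloads, whatever the EOLs."""
    fp = pem_fingerprints(local)
    return bool(fp) and fp == pem_fingerprints(remote)


# Constructed sample: a fake 48-byte payload, not a real certificate.
_BODY = base64.encodebytes(bytes(range(48)))  # one LF-terminated base64 line
SAMPLE_LF = b"-----BEGIN CERTIFICATE-----\n" + _BODY + b"-----END CERTIFICATE-----\n"
SAMPLE_CRLF = SAMPLE_LF.replace(b"\n", b"\r\n")  # same file after EOL conversion
SAMPLE_TRUNCATED = SAMPLE_LF[:40]  # transfer cut off before the END line

if __name__ == "__main__":
    for name, blob in (("LF copy", SAMPLE_LF), ("CRLF copy", SAMPLE_CRLF)):
        print(name, line_endings(blob), pem_fingerprints(blob))
    print("match:", same_material(SAMPLE_LF, SAMPLE_CRLF))
    print("truncated match:", same_material(SAMPLE_LF, SAMPLE_TRUNCATED))
```

To use it on real files, read each copy in binary mode (`open(path, "rb").read()`) on the machine where it resides and compare the fingerprints the two sides report.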