Configure the SSL Server
When you configure the SSL server, you enable CA XCOM Data Transport to use the CA and server certificates for establishing server (remote) SSL connections.
To configure the SSL server
- Review and modify the CA XCOM Data Transport SSL configuration file, configssl.cnf, so that the settings meet your site standards. Server connections use the RECEIVE_SIDE values.
- Set the XCOM_CONFIG_SSL parameter in your CONFIG member/global file to point to your customized configssl.cnf file.
Note: For z/OS, the path and file name must be an HFS file.
- Configure CA XCOM Data Transport to receive remote SSL connections:
- For z/OS, ensure that TCP/IP support is enabled in CA XCOM Data Transport and specify the TCP/IP port(s) that will accept SSL connections.
For TCPIPv4, the following values must be set in the CONFIG member:
- TCPIP=YES
- SSL={ONLY|ALLOW}
- SSLPORT=99999, where 99999 is a site defined port
For TCPIPv6, the following values must be set in the CONFIG member:
- TCPIP=YES
- SSL={ONLY|ALLOW}
- TCPIPV6={ONLY|ALLOW}
- SSLPORTV6=99999, where 99999 is a site defined port
Note: For the CA XCOM CONFIG member value combinations to determine which TCP/IP listeners will be started, see the table below.
- For UNIX, during installation, manually add the txpis and/or txpis6 services and the TCP/IP port(s) that will accept SSL connection requests to the inetd configuration files.
- For Windows, specify the TCP/IP port that will accept SSL connection requests using the SSL Port Number on the TCP/IP tab in the Global Parameters GUI.
- For Windows, specify the TCP/IP port that will accept SSL connection requests, using the SSL Port Number and/or the Server IPv6 Port Number on the TCP/IP tab in the Global Parameters GUI. If using IPv6 support, ensure that the Choose Listener drop-down box under the Server IPv6 Port Number indicates the correct listener(s) to start.
- Verify that the port that receives incoming SSL connections is a unique port that is not in use by any other application. The port used for incoming TCP/IP connections cannot also be used for incoming SSL connections. If CA XCOM Data Transport will be receiving both incoming TCP/IP connections and incoming SSL connections, then two ports are required.
- For z/OS, restart the CA XCOM Data Transport server (started task).
- For UNIX and Windows, restart the CA XCOM Data Transport service.
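A pre-restart check of the settings in the steps above can catch a leftover 99999 placeholder or an SSL port that collides with the plain TCP/IP port. The following Python sketch is an added example, not part of the CA XCOM Data Transport product or its documentation. It assumes the CONFIG parameters are available as one KEY=VALUE pair per line; the function names and the sample ports 8044 and 8045 are constructed for illustration.

```python
import socket

def parse_config(text):
    """Parse KEY=VALUE lines (assumed layout) into an upper-cased dict."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            params[key.strip().upper()] = value.strip().upper()
    return params

def check_ssl_listener(params, plain_ports=(), ipv6=False):
    """Return a list of problems with the SSL listener settings; empty means OK.

    plain_ports: the port(s) this site uses for non-SSL TCP/IP connections.
    """
    problems = []
    if params.get("TCPIP") != "YES":
        problems.append("TCPIP must be YES")
    if params.get("SSL") not in ("ONLY", "ALLOW"):
        problems.append("SSL must be ONLY or ALLOW")
    if ipv6 and params.get("TCPIPV6") not in ("ONLY", "ALLOW"):
        problems.append("TCPIPV6 must be ONLY or ALLOW")
    port_key = "SSLPORTV6" if ipv6 else "SSLPORT"
    raw = params.get(port_key, "")
    if not raw.isdigit() or not 1 <= int(raw) <= 65535:
        # Also catches the documentation placeholder 99999 left in place.
        problems.append(f"{port_key} must be a TCP port between 1 and 65535")
    elif int(raw) in plain_ports:
        problems.append(f"{port_key} {raw} is also used for non-SSL TCP/IP connections")
    return problems

def port_is_free(port, host="127.0.0.1"):
    """True if this process can bind the TCP port on this host right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

# Constructed sample values, not taken from a real CONFIG member.
SAMPLE = "TCPIP=YES\nSSL=ALLOW\nSSLPORT=8045\n"
if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    print(check_ssl_listener(cfg, plain_ports={8044}) or "settings OK")
    print("port free:", port_is_free(int(cfg["SSLPORT"])))
```

Run the port check on the host that will own the listener, and before the server or service is restarted, since a running listener makes its own port report as in use.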
Copyright © 2012 CA. All rights reserved.