Configuring the CA XCOM Data Transport SSL Server

To configure CA XCOM Data Transport to use the CA and server certificates for establishing server (remote) SSL connections:

  1. Review and modify the CA XCOM Data Transport SSL configuration file, configssl.cnf, so that the settings meet your site standards. Server connections use the RECEIVE_SIDE values. Also ensure that the XCOM_HOME environment variable is set to the location where CA XCOM Data Transport is installed, because configssl.cnf uses it.
  2. Set the XCOM_CONFIG_SSL parameter in your default options table/global file to point to your customized configssl.cnf file.

    Note: For z/OS, the path and file name must be an HFS file.

  3. Configure CA XCOM Data Transport to receive remote SSL connections:
    1. For z/OS, specify the TCP/IP port that will accept SSL connection requests using the SSLPORT and/or SSLPORTV6 default options table parameters. The default options table parameter SSL must also be set to one of the following values:
      • ONLY—To allow incoming SSL transfers only
      • ALLOW—To allow both incoming SSL and incoming non-SSL transfers to this server
    2. For UNIX, installation automatically adds the txpis and txpis6 (where applicable) services, along with the default TCP/IP port values that accept SSL connection requests, to the inetd configuration files. If you need port values other than the defaults, manually change the txpis and/or txpis6 entries in the /etc/services file.
    3. For Windows, to change the default TCP/IP port values that accept SSL connection requests, use the SSL Port Number and/or the Ipv6 Port Number fields on the TCP/IP tab in the Global Parameters GUI. In addition, the Choose Listeners field may need to be updated from its default of IPv4 Listeners, depending on which listeners the site needs to have started.
  4. Verify that the port that receives incoming SSL connections is a unique port that is not in use by any other application. The port used for incoming TCP/IP connections cannot also be used for incoming SSL connections. If CA XCOM Data Transport will be receiving both incoming TCP/IP connections and incoming SSL connections, then two ports are required.
    1. For z/OS, reassemble the default options table and restart the CA XCOM Data Transport server (started task).
    2. For UNIX and Windows, restart the CA XCOM Data Transport service.