CA XCOM error message XCOMU0780E Txpi 316: TxpiSSL peer certificate: Certificate verification failed (SERIAL_NUMBER) error 8:

Document ID : KB000027245
Last Modified Date : 03/10/2018
Show Technical Document Details
Introduction:

Your transfer is failing with the following error message.  Note the the fifth letter of the error message may vary according to the platform.  For example Of z/OS (MVS) the error message will be XCOMM0780E.

Client side
Server side
XCOMU0780E Txpi 316: TxpiSSL peer certificate: Certificate verification failed (SERIAL_NUMBER) error 8:Server side; #XCOMU0298E Unable to allocate remote transaction program: Txpi 215: Socket send error return value = 9

 

 

Background:
A CA XCOM SSL transfer will fail with the error message(s) above when the specified [SERIAL_NUMBER] does not match the serial number in the actual certificates.
Instructions:

1) Use listclient.bat(or listclient in UNIX or OMVS) listserver.bat(listserver in UNIX or OMVS) to display the SERIAL_NUMBERs.  The correct Serial Number should defined in the clientssl.conf file.

Client side
Server side
[SERIAL_NUMBER][SERIAL_NUMBER]
INITIATE_ SIDE 1 =INITIATE_ SIDE 1 =
RECEIVE_ SIDE 1 =RECEIVE_ SIDE 1 =

2) INITIATE_ SIDE 1 of client must have a valid SERIAL_NUMBER if INITIATE_ SIDE =YES in VERIFY_CERTIFICATE section of client.
    In this case, INITIATE_ SIDE 1 of client specifies the valid SERIAL_NUMBER (or range) of server certificate(s). 

Example on Client side:

%XCOM_HOME%\ssl\listclient.bat (or listclient in UNIX or OMVS)

">>>>> Listing the client cert..."

Certificate:

Data:
Version: 3 (0x2)

Serial Number: 2 (0x2) ? --- "2" is the SERIAL_NUMBER of client certificate Signature Algorithm: sha1WithRSAEncryption

Issuer: serialNumber=3456, L=ca_your_City, ST=ca_your_State, C=US, O=ca_your_Company, OU=ca_your_Unit/emailAddress=ca-ca_xcom@ca.com

Validity

Not Before: Aug 21 05:27:54 2015 GMT

Not After : Aug 20 05:27:54 2020 GMT
 

Example on Server side:

%XCOM_HOME%\ssl\listserver.bat (or listserver in UNIX or OMVS)

">>>>> Listing the server cert..."

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 1 (0x1) ? --- "3" is the SERIAL_NUMBER of server certificate Signature Algorithm: sha1WithRSAEncryption

Issuer: serialNumber=3456, L=ca_your_City, ST=ca_your_State, C=US, Oca_your_Company, OU=ca_your_Unit/emailAddress=ca-ca_xcom@ca.com

Validity

Not Before: Aug 21 05:27:47 2015 GMT

Not After: Aug 20 05:27:47 2020 GMT

 NOTE: In example 1, the serial number is 2.  In example 2, the serial number is 1.