Creating sample SSL certificates for a Basic Loopback Test for CA XCOM For WINDOWS

Document ID : KB000027876
Last Modified Date : 14/02/2018

Summary: 

Creating sample SSL certificates for a Basic Loopback Test for CA XCOM For WINDOWS

Environment:  

OPENSSL

 

Instructions: 

Do not edit the SSL configuration files: cassl.conf, clientssl.conf or serverssl.conf.

  1. From your DOS PROMPT:

  2. Change directory to C:\Program Files\CA\XCOM\ssl or the directory you installed into. 

  3. Run makeca followed by makeclient and makeserver.

  4. This will create a CERTS and PRIVATE subdirectory under the SSL directory.

  5. The scripts produce the following files:

    1. makeca: random.pem, certs/cassl.pem and private/casslkey.pem

    2. makeclient: certs/clientcert.pem and private/clientkey.pem

    3. makeserver: certs/servercert.pem and private/serverkey.pem

  6. If you did not use the default path when creating the certificates, edit the
    following parameters in the configssl.cnf and change them to conform to the
    correct path.
         # Mandatory
         [CA]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\cassl.pem
         RECEIVE_SIDE  = c:\xcomnt\ssl\certs\cassl.pem

         # Mandatory
         [CA_DIRECTORY]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs
         RECEIVE_SIDE  = C:\Program Files\CA\XCOM\ssl\certs

         # Mandatory
         [CERTIFICATE]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\clientcert.pem
         RECEIVE_SIDE  = c:\xcomnt\ssl\certs\servercert.pem

         # Mandatory
         [PRIVATEKEY]
         INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\private\clientkey.pem
         RECEIVE_SIDE  = C:\Program Files\CA\XCOM\ssl\private\serverkey.pem

         [RANDOM]
         INITIATE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem
         RECEIVE_SIDE_FILE = C:\Program Files\CA\XCOM\ssl\random.pem
  7. Set XCOM_SHOW_CIPHER=YES in the xcom.glb file, then stop and start xcomd. This lets you check the encryption key used for the transfer when you issue the following command:

         xcomqm -Dtid
  8. From the GUI, make the following changes:

    1. Change the PORT from 8044 to 8045 since that is the default port for SSL.

    2. Check that the Secure Socket option is selected.

    3. Make sure that the Secure Socket File has the correct path for the configssl.cnf.

  9. At this point, you can perform a loopback transfer using SSL on your machine.
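An added example, not part of the CA article or product: a Python check to run after step 6 that reads configssl.cnf and lists every INITIATE_SIDE/RECEIVE_SIDE path that does not exist on the machine, since in a loopback test both sides are local. It assumes the file follows the layout shown in step 6; the function names and the sample text are constructed for illustration.

```python
import os
import re
import sys

# Constructed sample in the layout of the configssl.cnf excerpt from step 6.
SAMPLE_CNF = r"""
# Mandatory
[CA]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\certs\cassl.pem
RECEIVE_SIDE  = c:\xcomnt\ssl\certs\cassl.pem

# Mandatory
[PRIVATEKEY]
INITIATE_SIDE = C:\Program Files\CA\XCOM\ssl\private\clientkey.pem
RECEIVE_SIDE  = C:\Program Files\CA\XCOM\ssl\private\serverkey.pem
"""


def parse_paths(text):
    """Return (section, key, path) for each INITIATE_SIDE*/RECEIVE_SIDE* entry."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment such as "# Mandatory"
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.startswith(("INITIATE_SIDE", "RECEIVE_SIDE")):
            entries.append((section, key, value.strip()))
    return entries


def missing_paths(text, exists=os.path.exists):
    """Entries whose file or directory is absent; 'exists' is injectable for testing."""
    return [entry for entry in parse_paths(text) if not exists(entry[2])]


if __name__ == "__main__":
    # Usage: python check_configssl.py <path to configssl.cnf>
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            cnf_text = handle.read()
    else:
        cnf_text = SAMPLE_CNF
    for section, key, path in missing_paths(cnf_text):
        print(f"[{section}] {key}: not found: {path}")
```

An entry reported here means the corresponding parameter still points at a path other than the one makeca, makeclient and makeserver wrote to.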

Additional Information:

See the section "Generate SSL Certificates" in the CA XCOM Data Transport for Windows - 11.6 SP01 documentation.