Creating SSL certificates for a Basic Loopback Test for UNIX or LINUX

Document ID : KB000027692
Last Modified Date : 14/02/2018

Description:

How can I create SSL certificates to test with CA XCOM?

 

Resolution:

Do not edit the SSL configuration files: cassl.conf, clientssl.conf or serverssl.conf.

From your prompt:

  1. Change directory to /usr/spool/xcom/ssl
  2. Run makeca followed by makeclient and makeserver
  3. This will create a "certs" and "private" subdirectory under the SSL directory
  4. The scripts produce the following files:

    a. makeca: random.pem, certs/cassl.pem and private/casslkey.pem

    b. makeclient: certs/clientcert.pem and private/clientkey.pem

    c. makeserver: certs/servercert.pem and private/serverkey.pem
  5. If you did not use the default path when creating the certificates, edit the following parameters in the configssl.cnf and change them to conform to the correct path.
         # Mandatory
         [CA]
         INITIATE_SIDE = /usr/spool/xcom/ssl/certs/cassl.pem
         RECEIVE_SIDE  = /usr/spool/xcom/ssl/certs/cassl.pem

         # Mandatory
         [CA_DIRECTORY]
         INITIATE_SIDE = /usr/spool/xcom/ssl/certs
         RECEIVE_SIDE  = /usr/spool/xcom/ssl/certs

         # Mandatory
         [CERTIFICATE]
         INITIATE_SIDE = /usr/spool/xcom/ssl/certs/clientcert.pem
         RECEIVE_SIDE  = /usr/spool/xcom/ssl/certs/servercert.pem

         # Mandatory
         [PRIVATEKEY]
         INITIATE_SIDE = /usr/spool/xcom/ssl/private/clientkey.pem
         RECEIVE_SIDE  = /usr/spool/xcom/ssl/private/serverkey.pem

         [RANDOM]
         INITIATE_SIDE_FILE = /usr/spool/xcom/ssl/random.pem
         RECEIVE_SIDE_FILE = /usr/spool/xcom/ssl/random.pem
  6. Set XCOM_SHOW_CIPHER=YES in the xcom.glb file, then stop and start xcomd. This lets you check the encryption key used for the transfer when you issue:
         xcomqm -Dtid
  7. At this point, you can perform a loopback transfer using SSL on your machine. See TEC377644 if you need information on how to do a loopback transfer.
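
Before the loopback transfer, the paths edited in step 5 can be checked with a short script. This is an added example, not part of the CA XCOM distribution: the function names are hypothetical, the parser assumes the "[SECTION]" / "KEY = /path" layout shown in step 5, and the permission check on the [PRIVATEKEY] files is an extra hygiene check that the procedure above does not mention.

```shell
#!/bin/sh
# Added example (not CA's code): check every path named in configssl.cnf.
# Assumes the "[SECTION]" / "KEY = /path" layout shown in step 5.

# Print "SECTION KEY PATH" for each INITIATE_SIDE*/RECEIVE_SIDE* entry.
list_ssl_paths() {
    awk '
        /^[ \t]*#/  { next }                              # comment line
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); sec = $0; next }
        /^[ \t]*(INITIATE|RECEIVE)_SIDE[A-Z_]*[ \t]*=/ {
            i = index($0, "=")
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            print sec, key, val
        }' "$1"
}

# Print one line per problem; return 0 only when none are found.
check_configssl() {
    entries=$(list_ssl_paths "$1") || return 2
    status=0
    while read -r sec key path; do
        [ -n "$sec" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING [$sec] $key -> $path"
            status=1
        elif [ "$sec" = "PRIVATEKEY" ]; then
            # Added hygiene check: key files should carry no group/other bits.
            case "$(ls -ldL "$path")" in
                ????------*) ;;
                *) echo "PERMS [$sec] $key -> $path"; status=1 ;;
            esac
        fi
    done <<EOF
$entries
EOF
    return "$status"
}
```

Source the file and run check_configssl with the full path to your configssl.cnf; no output and a zero exit status mean every referenced file or directory exists and the key files are readable only by their owner.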