Using Certificate Authority (CA) certificates with CA XCOM for Windows fails with the message "alert certificate unknown"

Document ID : KB000046118
Last Modified Date : 14/02/2018

Issue: 

When testing a loopback transfer using a Microsoft CA, we are getting the following error messages:

2016/08/22 16:54:23 TID=REMOTE PRG=xcomtcp PID=1234 IP=127.0.0.1:65109 
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown +++ SSL alert number 46> value = 0: 

2016/08/22 16:54:23 TID=000029 PRG=xcomtcp PID=98772 IP=127.0.0.1 PORT=8045 
XCOMN0780E Txpi 308: TxpiInitSSL Failed msg = <error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> value = 4294967295:

Environment:  

OpenSSL

Resolution:

Use the 'openssl verify' utility to test the certificates.

Here is how the certificates should be placed:

  1. The ca_certs.cer goes in both the INITIATE_SIDE and RECEIVE_SIDE of the [CA] section
  2. The folder that holds ca_certs.cer goes in both the INITIATE_SIDE and RECEIVE_SIDE of the [CA_DIRECTORY] section
  3. The client.cer goes in the INITIATE_SIDE of the [CERTIFICATE] section
  4. The server.cert goes in the RECEIVE_SIDE of the [CERTIFICATE] section
  5. The files containing the respective private keys go in the [PRIVATEKEY] section
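
The 'openssl verify' test named in the resolution, plus a check that each private key belongs to its certificate, as an added example (not part of the original article and not CA's own tooling). The function names, the key file names client.key and server.key, and the second CA other_ca are assumptions made for the demonstration; all certificates and keys are generated as throwaway test data.

```shell
#!/bin/sh
# Added example, not CA's tooling. File names follow the article; every CA,
# certificate and key generated here is constructed throwaway test data.

# check_chain CA_FILE CERT PURPOSE: 0 when CERT chains to CA_FILE for PURPOSE
# (sslclient for the INITIATE_SIDE cert, sslserver for the RECEIVE_SIDE cert).
check_chain() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: 0 when the private key belongs to the certificate.
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_ca DIR NAME: constructed self-signed CA in DIR/NAME.cer and DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.cer" 2>/dev/null
}

# make_leaf DIR CA_NAME CERT KEY: constructed leaf certificate signed by CA_NAME
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/$4" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.cer" -CAkey "$1/$2.key" \
        -CAcreateserial -days 2 -out "$1/$3" 2>/dev/null
}

# Demo on constructed data: the issuing CA validates server.cert, an unrelated
# CA does not (the "certificate verify failed" condition from the log above).
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca_certs && make_ca "$d" other_ca &&
        make_leaf "$d" ca_certs server.cert server.key || return 1
    check_chain "$d/ca_certs.cer" "$d/server.cert" sslserver &&
        echo "server.cert: chains to ca_certs.cer"
    check_chain "$d/other_ca.cer" "$d/server.cert" sslserver ||
        echo "server.cert: verify failed against other_ca.cer"
    key_matches "$d/server.cert" "$d/server.key" &&
        echo "server.key matches server.cert"
    rm -rf "$d"
}
demo
```

Against real files, call check_chain and key_matches with the paths configured for each side; a certificate that fails check_chain against ca_certs.cer is the one to reissue or the CA file is missing an issuer.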