On client systems such as COBOL Web Services clients, and clients that use client/server binding,
ES/MSS Remote Job Entry,
and COBOL XML I/O, you need to set client information in a file, as follows:
To set up client certificate, key file and pass phrase information in a file:
- On the Enterprise Server machine, create the file
mf-client.dat in the
$COBDIR/etc
directory if the file doesn't already exist.
- Add an [SSL] section to this file and set parameters for the root certificate, the client certificate, the client key file,
and the client key file passphrase, as follows:
[SSL]
root=/path/to/root/cert.type
certificate=/path/to/client/cert.type
key=/path/to/client/keyfile.type
passphrase=keyfile passphrase
where:
- root defaults to
ssldir/private/CArootcert.pem, where
ssldir is the directory where Security Pack is installed, and is by default
/opt/microfocus/DemoCA/openssl or
$COBSSL (if set).
- If certificate isn't specified, no client-side certificate is used
Note:
- If you use a client certificate, the pass phrase for the key file appears in plain text in the
mf-client.dat file. For security purposes, you should make this file readable only by the user or users who run applications that use this
certificate.
- Instead of
mf-client.dat, you can create a file of any name or location, but you must identify it using the MFC_CONFIG environment variable.