Installing a Client Certificate for Enterprise Server

Restriction: This topic applies only when the Enterprise Server feature is enabled.

On client systems, such as COBOL Web Services clients, clients that use client/server binding, and COBOL XML I/O, you need to set client information in a file, as follows:

To set up client certificate, key file, and passphrase information in a file:

  1. On the Enterprise Server machine, create the file mf-client.dat in the $COBDIR/etc directory if the file does not already exist.
  2. Add an [SSL] section to this file and set parameters for the root certificate, the client certificate, the client key file, and the client key file passphrase, as follows:
    [SSL]
    root=/path/to/root/cert.type
    certificate=/path/to/client/cert.type
    key=/path/to/client/keyfile.type
    passphrase=keyfile passphrase

    where:

    • You must use the full pathnames for the files you specify.
    • If a certificate is not specified, no client-side certificate is used. In this case you can also omit key and passphrase.
Note:
  • If you use a client certificate, you can avoid having the passphrase appear in plain text in the mf-client.dat file by specifying a passphrase stored in the Micro Focus Secrets Facility, also known as the Vault. To do this, configure a vault, use the mfsecretsadmin utility to store your key passphrase under a path of your choice, and then set the value of the passphrase setting to mfsecret:config:path, where config is the vault configuration name (blank for the default configuration) and path is the path to your passphrase in the vault. For example, passphrase=mfsecret::mycorp/client/key.
  • Instead of mf-client.dat, you can create a file of any name or location, but you must identify it using the MFC_CONFIG environment variable.
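
The following check is an added example, not part of the product or its documentation. It audits the [SSL] section of an mf-client.dat file against the rules above: full pathnames, and a passphrase given as an mfsecret:config:path reference rather than in plain text. It assumes the file can be read as INI-style text with POSIX paths; the function names and the sample content are constructed for illustration.

```python
import configparser
import posixpath

# Constructed sample content, not taken from a real system.
SAMPLE = """\
[SSL]
root=/opt/certs/root.pem
certificate=certs/client.pem
key=/opt/certs/client.key
passphrase=hunter2
"""

def parse_secret_ref(value):
    """Split mfsecret:config:path into (config, path); None if not a vault reference."""
    parts = value.split(":", 2)
    if len(parts) != 3 or parts[0] != "mfsecret":
        return None
    return parts[1], parts[2]

def audit_ssl_section(text):
    """Return a list of findings for the [SSL] section of mf-client.dat content."""
    # Assumption: INI-style parsing; interpolation is off so '%' in values is literal.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("SSL"):
        return ["no [SSL] section"]
    ssl = cp["SSL"]
    findings = []
    for name in ("root", "certificate", "key"):
        value = ssl.get(name, "").strip()
        if value and not posixpath.isabs(value):
            findings.append(f"{name}: not a full pathname: {value}")
    passphrase = ssl.get("passphrase", "").strip()
    if not ssl.get("certificate", "").strip():
        if passphrase or ssl.get("key", "").strip():
            findings.append("key/passphrase set without certificate: no client certificate is used")
    if passphrase:
        ref = parse_secret_ref(passphrase)
        if ref is None:
            # The passphrase value itself is never echoed into the finding.
            findings.append("passphrase: stored in plain text; use mfsecret:config:path")
        elif not ref[1]:
            findings.append("passphrase: mfsecret reference has an empty path")
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_section(SAMPLE):
        print(finding)
```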