Locating Certificate and Key Files

When enabling TLS you will typically need to configure the names and locations of files containing one or more certificates and sometimes private keys. See Certificate Files, Certificate and Key Formats, and PKCS #12 file for more information on types of certificate and key files.

The names of these files are specified in various places, such as in the configurations of enterprise server listeners in ESCWA and in the mf-client.dat file. Where a filename for a certificate or key file is required, you can use either a full name including the absolute path to the file, or a bare filename.

If a bare filename is specified, MFCC and MFCS use the following steps to try to locate the file:

1. If the environment variable COBSSL is set, its value is used as the name of the directory to search.
2. Otherwise, if the environment variable COBDIR is set, /DemoCA is appended to its value and that directory is searched.
3. On Windows, if neither environment variable is set, the value in the Registry for the key HKLM\SOFTWARE\Micro Focus\DemoCA\1.0\Setup\DemoCAFolder is used, if it exists. This key was used in earlier product versions. The DemoCA provided with Visual COBOL 9.0 does not use the Registry, but if you are upgrading from earlier releases you might still be using certificates and keys created using the old DemoCA.
4. If none of those values are set, C:\ (Windows) or / (UNIX) is used.

Earlier product versions would sometimes log a message indicating a failure in GkGetSSLDir. As of Visual COBOL 9.0 this function does not fail if the certificate and key file directory has not been configured, as it will return the root directory as a last resort, so that message is no longer generated.