Locating Certificate and Key Files

When enabling TLS you will typically need to configure the names and locations of files containing one or more certificates and sometimes private keys. See Certificate Files, Certificate and Key Formats, and PKCS #12 file for more information on types of certificate and key files.

The names of these files are specified in various places, such as in the configurations of enterprise server listeners in ESCWA and in the mf-client.dat file. Where a filename for a certificate or key file is required, you can use either a full name including the absolute path to the file, or a bare filename.

If a bare filename is specified, MFCC and MFCS use the following steps to try to locate the file:

1. If the environment variable COBSSL is set, its value is used as the name of the directory to search.
2. Otherwise, if the environment variable COBDIR is set, /DemoCA is appended to its value and that directory is searched.
3. If none of those values are set, C:\ (Windows) or / (UNIX) is used.

Earlier product versions would sometimes log a message indicating a failure in GkGetSSLDir. As of Enterprise Developer 9.0 this function does not fail if the certificate and key file directory has not been configured, as it will return the root directory as a last resort, so that message is no longer generated.