Installing a Client Certificate for Enterprise Server

Restriction: This topic applies only when the Enterprise Server feature is enabled.

On client systems such as COBOL Web Services clients, and clients that use client/server binding, and COBOL XML I/O, you need to set client information in a file, as follows:

To set up client certificate, key file and pass phrase information in a file:

  1. On the Enterprise Server machine, create the file mf-client.dat in the $COBDIR/etc directory if the file doesn't already exist.
  2. Add an [SSL] section to this file and set parameters for the root certificate, the client certificate, the client key file, and the client key file passphrase, as follows:
         [SSL]
        root=/path/to/root/cert.type
        certificate=/path/to/client/cert.type
        key=/path/to/client/keyfile.type
        passphrase=keyfile passphrase 

    where:

    • root defaults to ssldir/private/CArootcert.pem, where ssldir is the directory where Security Pack is installed, and is by default /opt/microfocus/DemoCA/openssl or $COBSSL (if set).
    • If certificate isn't specified, no client-side certificate is used
Note:
  • If you use a client certificate, the pass phrase for the key file appears in plain text in the mf-client.dat file. For security purposes, you should make this file readable only by the user or users who run applications that use this certificate.
  • Instead of mf-client.dat, you can create a file of any name or location, but you must identify it using the MFC_CONFIG environment variable.