Restriction: This topic applies only when the Enterprise Server feature is enabled.
On client systems such as COBOL Web Services clients, and clients that use client/server binding,
and COBOL XML I/O, you need to set client information in a file, as follows:
To set up client certificate, key file and pass phrase information in a file:
- On the
Enterprise Server machine, create the file
mf-client.dat in the
$COBDIR/etc
directory if the file does not already exist.
- Add an [SSL] section to this file and set parameters for the root certificate, the client certificate, the client key file,
and the client key file passphrase, as follows:
[SSL]
root=/path/to/root/cert.type
certificate=/path/to/client/cert.type
key=/path/to/client/keyfile.type
passphrase=keyfile passphrase
where:
- You must use the full pathnames for the files you specify.
- If a certificate is not specified, no client-side certificate is used. In this case you can also omit key and passphrase.
Note:
- If you use a client certificate, you can avoid having the passphrase appear in plain text in the
mf-client.dat file by specifying a passphrase stored in the Micro Focus Secrets Facility also known as the Vault. To do this, configure
a vault, use the mfsecretsadmin utility to store your key passphrase using the path of your choice, and then set the value
of the passphrase setting to mfsecret:config:path, where
config is the vault configuration name (blank for the default configuration) and
path is the path to your passphrase in the vault. For example,
passphrase=mfsecret::mycorp/client/key.
- Instead of
mf-client.dat, you can create a file of any name or location, but you must identify it using the MFC_CONFIG environment variable.