Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verifyCertificates DISABLED and NONSTRICT gives different errors for the same problem #3748

Open
dkelosky opened this issue Sep 6, 2024 · 1 comment
Open

verifyCertificates DISABLED and NONSTRICT gives different errors for the same problem #3748

dkelosky opened this issue Sep 6, 2024 · 1 comment
Labels
bug Verified defect in functionality Priority: Low size/S

Comments

@dkelosky
Copy link
Contributor

dkelosky commented Sep 6, 2024

For a newly installed Zowe 2.18 instance, I configured zwe init with "Certificate setup scenario 3" without specifying a "SAN".

At startup with verifyCertificates: DISABLED I get:

ZWESVUSR WARN  (o.z.a.s.HttpsFactory) ZWEAM500W The service is not verifying the TLS/SSL certificates of the services       
ZWESVUSR WARN  (o.z.a.s.HttpsFactory) ZWEAM500W The service is not verifying the TLS/SSL certificates of the services       
ZWESVUSR WARN  (o.z.a.s.HttpsFactory) ZWEAM500W The service is not verifying the TLS/SSL certificates of the services       
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Cannot construct configuration of HTTPs: null                                         
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Cannot construct configuration of HTTPs: null                                         
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Cannot construct configuration of HTTPs: null                                         
USR INFO ZWEL0014I termination command received

At startup with verifyCertificates: NONSTRICT I get:

ZWESVUSR ERROR (o.z.a.s.HttpsFactory) ZWEAM510E Invalid key alias 'localhost'                       
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Invalid configuration of HTTPs: Invalid key alias 'localhost' 
ZWESVUSR ERROR (o.z.a.s.HttpsFactory) ZWEAM510E Invalid key alias 'localhost'                       
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Invalid configuration of HTTPs: Invalid key alias 'localhost' 
ZWESVUSR ERROR (o.z.a.s.HttpsFactory) ZWEAM510E Invalid key alias 'localhost'                       
ZWESVUSR ERROR (o.z.a.p.w.HttpConfig) Invalid configuration of HTTPs: Invalid key alias 'localhost'

The latter gives some insight into the true problem I was facing. However, I'm curious: is it possible to give a better (and consistent) error for the scenario I faced? That is where no certificate appears to have been generated?
@dkelosky dkelosky added new New issue that has not been worked on yet question Further information is requested labels Sep 6, 2024
@EvaJavornicka EvaJavornicka added bug Verified defect in functionality Priority: Low size/S and removed new New issue that has not been worked on yet question Further information is requested labels Sep 18, 2024
@balhar-jakub
Copy link
Member

@dkelosky This seems to be a bug in the disabled scenario. In a disabled scenario, we shouldn't be loading the key at all. As the disabled scenario is not usually used and definitely not recommended to be used, I believe it's of a Low priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Verified defect in functionality Priority: Low size/S
Projects
API Mediation Layer Backlog Management
Status: Unplanned Bugs
Milestone
No milestone
Development

No branches or pull requests
3 participants
@balhar-jakub @dkelosky @EvaJavornicka