ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Security error integrating the JCLCheck REST API service with Zowe API Mediation Layer (API ML)


Article ID: 227280


Updated On:


JCLCheck Workload Automation


Trying to integrate the JCLCheck REST API with the Zowe API Mediation Layer, and gets errors when starting the JCLCheck RESP API service. 

First error:

2021-10-22 19:04:45.354 ERROR 33624627 --- [           main] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. end 
 point=DefaultEndpoint{ serviceUrl='}                                                                                                                                                                                                     
 com.sun.jersey.api.client.ClientHandlerException: No X 
 509TrustManager implementation available at ...    



The Zowe API Mediation Layer (Zower API ML) is configured for SSL, but JCLCheck is not configured for SSL. 


Release : 12.0

Component : JCLCheck Workload Automation



Enable a secure TLS/HTTPS connection for JCLCheck by following the instructions in the JCLCheck online documentation:

Here's a template for how to configure JCLCheck to specify a Truststore, and Keystore for holding certificates.  These properties are specified in the "jclcheck.yml" configuration file:  

    address: xxx
    port: xxx
        enabled: true
        keyAlias: server
        keyPassword: xxx
        keyStore: config/keystore.p12
        keyStorePassword: xxx
        keyStoreType: PKCS12
        trustStore: config/truststore.p12
        trustStorePassword: xxx
        trustStoreType: PKCS12
Note: One TLS certificate for the JCLCheck server should work for either a direct-to-service connection or when connected through the API ML.   The API ML must have its own certificate.

Additional Information

At this time, the JCLCheck REST API service does NOT support RACF SAF keyring for managing certificates.  Only Keystore Truststore combination is currently supported.

Using TLS Certificates: