Security error the JCLCheck REST API with Zowe API Mediation Layer
search cancel

Security error the JCLCheck REST API with Zowe API Mediation Layer

book

Article ID: 227280

calendar_today

Updated On:

Products

JCLCheck Workload Automation

Issue/Introduction

Trying to integrate the JCLCheck REST API with the Zowe API Mediation Layer, and gets errors when starting the JCLCheck RESP API service. 

First error:

yyyy-mm-dd hh:mm:ss.354 ERROR 33624627 --- [           main] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. end 
 point=DefaultEndpoint{ serviceUrl='https://99.99.99.9:1111/eureka} 
 com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X 
 509TrustManager implementation available at ...

 

Environment

Release : 12.0

Component : JCLCheck Workload Automation

 

Cause

The Zowe API Mediation Layer (Zowe API ML) is configured for SSL, but JCLCheck is not configured for SSL. 

Resolution

Enable a secure TLS/HTTPS connection for JCLCheck by following the instructions in the JCLCheck online documentation:

Configure and Deploy the JCLCheck REST API

Here's a template for how to configure JCLCheck to specify a Truststore, and Keystore for holding certificates.  These properties are specified in the "jclcheck.yml" configuration file:  

server:
  address: xxx
  port: xxx
  ssl:
    enabled: true
    keyAlias: server
    keyPassword: xxx
    keyStore: config/keystore.p12
    keyStorePassword: xxx
    keyStoreType: PKCS12
    trustStore: config/truststore.p12
    trustStorePassword: xxx
    trustStoreType: PKCS12
 
Note: One TLS certificate for the JCLCheck server should work for either a direct-to-service connection or when connected through the API ML.   The API ML must have its own certificate.
Powered by Wolken Software