Using the VS Code Endevor Explorer plug-in to connect to Endevor WS Tomcat instance.
Enabled HTTPS using a RACF keyring in Endevor Web Service. Requested a CA certificate and added it to RACF keyring for the ID that the server runs under, also uncommented and edited the section of the server.xml:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 using SAF keyring -->
<Connector port="XXXX" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
SSLEnabled="true"
algorithm="IbmX509"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="+TLSv1.2,+TLSv1.1,+TLSv1"
keystoreType="JCERACFKS"
keystoreFile="safkeyring://kryringowner/keyring"
sslImplementationName="com.ca.sslsocket.CASSLImplementation" />
Then set up a new Endevor profile on the explorer, reject any self signed certificates. Cannot connect to the server and keep getting an HTTPS error.
Release : 18.1
Component : Endevor Software Change Manager
Tried the visual verification on the browser: https://host:port/EndevorService/services/EndevorService?wsdl
Noticed that there is a mismatch in the name of the certificate and the Endevor Tomcat server hostname (got connection not private warning and the following message):
"This server could not provide that it is xxxxxxxxxxx; its security certificate is from TOMCATH8.xxxxxxxxxxxxxx. This may be caused by a misconfiguration or an attacker intercepting your connection"
To get the SSL/TLS connection work using CA certificate:
The CN of the CA certificate should match Tomcat server hostname
Or
SAN (Subject Alternate Name) in CA certificate match the Tomcat server hostname.
Or
Create DNS alias