Using z/OSMF accessing via a browser, getting message NET::ERR_CERT_COMMON_NAME_INVALID.

Release : 16.0

The PERSONAL Server certificate for the IZUSVR server needs to specify the z/OS host name that the IZUSVR server is running on in the certificate's SUBJSDN and the ALTNAMEa. Ths 'host name' is part o the URL that is entered in the browser when connecting to z/OSMF.

To determine the host name, browse the IZUSRV server started task and do a FIND for IZUG349I to find the URL which would contain the host name. For example:

IZUG349I: The z/OSMF AUTOSTART Server home page can be accessed at   
        : https://your.hostname.net/zosmf                 
        : after the z/OSMF server is started on your system.    

Here is a sample GENCERT with the host name specified in the SUBJSDN and the ALTNAME of the certificate.

ACF
GENCERT IZUSVR.CERT01 SIGNWITH(CERTAUTH LABEL(zOSMFCA)) SUBJSDN(CN=DOMAIN=your.hostname.net,OU='IZUDFLT') LABEL(DefaultzOSMFCert.IZUDFLT) ALTNAME(DOMAIN=your.hostname.net)
F ACF2,REBUILD(USR),CLASS(P)
F ACF2,OMVS

The IZUSVR1 task will need to be re-started in order to read in the changes to the keyring.