The following error message is seen in the browser when trying to connect to z/OSMF using internally signed certificates for the HTTPS connection:

SSL_ERROR_BAD_CERT_DOMAIN

The certificate was generated using Top Secret.

The PERSONAL certificate will need to be re-created by specifying an ALTNAME parameter on the GENCERT. Both Subjectn CN and Altname DOMAIN should match the host name used to access z/OSMF.  An IP address can also be specified in ALTNAME if desired. 

TSS GENCERT(IZUSVR) DIGICERT(CERT01) -

SUBJECTN('CN="HOST NAME" OU="IZUDFLT" O="IBM"') -

ALTNAME(DOMAIN="HOST NAME") - 

LABLCERT('DefaultzOSMFCert.IZUDFLT') -  

SIGNWITH(CERTAUTH,ZOSMFCA) -

NADATE(mm/dd/yy)   

After certificate recreation, attach the certificate to the appropriate KEYRING:

TSS ADD(IZUSVR) KEYRING(zosmfkeyring) RINGDATA(IZUSVR,CERT01) -
USAGE(PERSONAL) DEFAULT 

The IZUSVR1 task will need to be re-started in order to read in the changes to the keyring.