IZUG476E: The HTTP request to the secondary z/OSMF instance "system name" failed with error type "CertificateError" and response code "0" .
Article ID: 384953
Updated On:
Products
Issue/Introduction
TCPIP Log message BPXF024I shows OutBound STATUS: Not Enabled
Environment
PRODUCT: ACF2
Resolution
Meaning of IZUG message explains that the z/OSMF server port uses Java SSL encryption to protect its outbound HTTPS connections. Therefore, it is not necessary (or possible) to configure AT-TLS on the z/OSMF server port. If you attempt to do so, the z/OSMF server encounters HTTP connection failures and errors, such as the following, in the server logs directory:
IZUG476E: The HTTP request to the secondary z/OSMF instance "209" failed with error type "CertificateError" and response code "0"
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
The issue appears to be an AT-TLS configuration problem. Your current configuration indicates 'STATUS: Not Enabled' which is the likely cause of the 'URL Connectivity Failed' error:
BPXF024I (TCPIP) TTLS nnnn TCPIP nnn
EZD1281I TTLS Map CONNID: nnnn LOCAL: nnnn
REMOTE: nnnn JOBNAME: nnnn USERID: nnnn TYPE:
OutBound STATUS: Not Enabled RULE: ATTLS nnn Out ACTIONS: nnnn
Your PAGENT policy rule ATTLS nnn Out shows:
TTLSRule ATTLS~nnn~Out
{
JOBNAME nnn*
LocalAddr ALL
RemoteAddr ALL
Direction Outbound
Priority nnn
TTLSGroupActionRef gnnn_TTLS_Off
}
#--------------------------------------------------------------------#
TTLSGroupAction gnnn_TTLS_Off
{
TTLSEnabled Off
Trace nnn
}
We suspect the TTLSGroupAction 'TTLSEnabled Off' is the cause of the STATUS: Not Enabled.
Feedback
