We are attempting to configure the JCLCheck REST API server to use a keystore based on a z/OS SAF keyring, using the JCERACFKS type and the safkeyringjce:// protocol.

However, we are encountering the following error at startup:
Cannot load keystore 'safkeyringjce://JCKREST/JCKREST' because `unknown protocol: safkeyringjce`. The service is not able to start.

Add the highlighted statement to CAZ2OPTN(AJ6ZENV): 

# JVM options
IJO="-Xms512m -Xmx512m"
IJO="$IJO -Djava.protocol.handler.pkgs=com.ibm.crypto.provider"
IJO="$IJO -Dspring.config.additional-location="
IJO="$IJO$YAML_CONFIG"
export IBM_JAVA_OPTIONS="${IJO}"

-

If running JAVA v8, the keyStore statement in the jclcheck.yml file should have: 

keyStore: safkeyring://JCKREST/JCKREST