JCLCheck REST API SAF keyring use in JAVA 8 and JAVA 17

search cancel

JCLCheck REST API SAF keyring use in JAVA 8 and JAVA 17

book

Article ID: 433814

calendar_today

Updated On:

Products

JCLCheck Workload Automation

Issue/Introduction

After upgrading from JAVA 8 to JAVA 17, the following error is seen when starting the JCLCheck REST API:

Error creating bean
Caused by: java.lang.IllegalStateException: Cannot construct SSL Context
...
Caused by: java.net.MalformedURLException: unknown protocol: safkeyring

Environment

Component: JCLCHECK
Release: 12

Cause

When using the keyStore / trustStore class with the JCERACFKS or JCEHYBRIDRACFKS type, the path to the keyring is coded differently based on the JAVA version.

For JAVA 8: safkeyring://keyring_owner_acid/keyring_name
For JAVA 11+: safkeyringjce://keyring_owner_acid/keyring_name

Resolution

After upgrading to JAVA 17, for keystore and truststore type JCERACFKS or JCEHYBRIDRACFKS, the following should be coded in the jclcheck.yml file:

keyStore: safkeyringjce://keyring_owner_acid/keyring_name

trustStore: safkeyringjce://keyring_owner_acid/keyring_name

Feedback

thumb_up Yes

thumb_down No