You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
While testing Zowe v3 in a containerized environment where:
certificates do not contain correct SAN domains
verifyCertificates is set to either NONSTRICT or DISABLED
there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:
2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown
2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching ***redacted***.pod.cluster.local found.
Steps to Reproduce
Deploy a containerized environment with verifyCertificates: DISABLED
View pod logs
Expected behavior
The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT
Details
Version and build number: Zowe v3.0.0
Test environment: IBM Openshift environment
Similar to #1805 . Expect that if the correct SANs are added to the certificates, the services will start up.
Describe the bug
While testing Zowe v3 in a containerized environment where:
NONSTRICT
orDISABLED
there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:
Steps to Reproduce
Expected behavior
The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT
Details
Similar to #1805 . Expect that if the correct SANs are added to the certificates, the services will start up.
https://github.com/zowe/api-layer/wiki/Issue-management
The text was updated successfully, but these errors were encountered: