Users of third-party certificate management tools, such as Venafi, might need to take additional steps to get Zowe working. I've included a draft addition to the docs below.
If using a third-party tool to generate a self-signed intermediate certificate for Zowe, you might need to take the following extra steps during configuration:
Ask your Security Administrator to:
Note the specific root certificate with which the generated intermediate certificate was self-signed.
Add the generated intermediate certificate to Zowe's Keyring.
Add the root certificate to Zowe's Keyring.
Once the keyring has been configured, add the root certificate in the Default Zowe certificate section under pem.certificateAuthorities. Since this can have (at most) two entries ...
The first entry should be your generated intermediate certificate authority.
The second, final, entry should be the root certificate authority.
Example:
pem:
  # key: /global/zowe/keystore/localhost/localhost.key
  # certificate: /global/zowe/keystore/localhost/localhost.cer
  # if keyrings, the format is "safkeyring:////stcusername/KeyName&ca name"
  key:
  certificate:
  certificateAuthorities:
    - "safkeyring:////ZWESVUSR/ZWEKEYRING.ZWEDFLT&CERTAUTH.AJMCA1"
    - "safkeyring:////ZWESVUSR/ZWEKEYRING.ZWEDFLT&CERTAUTH.AJMROOT"
Without adding the root certificate as described above, users will not be able to set verifyCertificates: STRICT.
Hi Andrew, I can address this issue as you suggest. Thanks for the draft! You target the v2.18 version of this troubleshooting article. Should this be applied to v3.0 as well?
Pages to Update
This seems like a decent candidate for inclusion on Troubleshooting certificate configuration.