v3 verifyCertificates NONSTRICT/DISABLED not working as expected in containers

Describe the bug
While testing Zowe v3 in a containerized environment where:

certificates do not contain correct SAN domains
verifyCertificates is set to either NONSTRICT or DISABLED
there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:

2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown
2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching ***redacted***.pod.cluster.local found.

Steps to Reproduce

Deploy a containerized environment with verifyCertificates: DISABLED
View pod logs

Expected behavior
The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT

Details

Version and build number: Zowe v3.0.0
Test environment: IBM Openshift environment

Similar to #1805 . Expect that if the correct SANs are added to the certificates, the services will start up.

https://github.com/zowe/api-layer/wiki/Issue-management

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions