Open rjmaomao opened 3 years ago
@rjmaomao to make sure I understand correctly, I have a few questions:
zowe-setup-certificates.sh is done, or it's later after ZWESSOTK jcl is executed?
Do you mind sharing your zowe-setup-certificates.env and log? Please feel free to email me if you don't want to post here. Thanks a lot.
@NayerNajafi FYI.
Hi @jackjia-ibm
The certificate is deleted, or I should say replaced, after running the ZWESSOTK JCL. More precisely, after the RACDCERT ADD command. There's no delete command in the JCL nor in the script. RACF dev said that if the public key of the two certificates is the same, then it's possible that the newly added certificate can replace the existing one. By the way, I didn't use the same label; I used a new label every time.
I will send you the log and env file through email. Thank you for checking on this.
This will be fixed in v1.27.0.
We have seen some issues after switching to using JCL ZWESSOTK to add JWT certificates to RACF. In previous versions, before 1.20 I think, gskkyman was used, and we only needed to run the script zowe-setup-certificates.sh. Now in 1.21, after executing zowe-setup-certificates.sh, we need to copy the certificate to an MVS data set and then run ZWESSOTK to add it to the RACF database.
After switching to this method, we noticed that every time we add a new JWT certificate, an existing certificate gets deleted. Sometimes the deleted certificate was a previously added JWT certificate; sometimes even the zOSMF certificate got deleted. After some debugging, RACF dev noticed that the public keys of the certificates being added were the same as those of the existing certificates. So it's possible that the existing certificate got replaced by the newly added one.
My question is: how does the script create the JWT certificate? Does it use the same public key as the zOSMF certificate when generating it?
Thank you!
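
A pre-check for the condition this thread describes, two certificates carrying the same public key, added here as an example; it is not code from the thread or from Zowe's scripts. It hashes the SubjectPublicKeyInfo of each DER-encoded certificate and reports labels that share a key; the labels, key bytes and unsigned certificate skeletons are constructed sample data.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 of the DER SubjectPublicKeyInfo inside an X.509 certificate."""
    _, outer, _ = read_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, end = read_tlv(cert_der, outer)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert_der, pos)
        fields.append((tag, cert_der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:                   # optional [0] version field
        fields.pop(0)
    return hashlib.sha256(fields[5][1]).hexdigest()  # index 5 = SPKI, after subject

def shared_key_groups(certs):
    """Return {spki_hash: [labels]} for keys carried by more than one cert."""
    groups = {}
    for label, cert_der in certs.items():
        groups.setdefault(spki_sha256(cert_der), []).append(label)
    return {h: ls for h, ls in groups.items() if len(ls) > 1}

def der(tag, body):  # minimal DER encoder, used only to build the sample data
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def fake_cert(serial, key):  # constructed, unsigned skeleton (layout only)
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    empty = der(0x30, b"")                     # stands in for names and validity
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + empty + empty + empty + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00"))

KEY_A, KEY_B = bytes(range(140)), bytes(range(60, 200))  # made-up key bytes
CERTS = {"JWT-OLD": fake_cert(1, KEY_A), "JWT-NEW": fake_cert(2, KEY_A),
         "ZOSMF": fake_cert(3, KEY_B)}         # made-up labels

if __name__ == "__main__":
    print(shared_key_groups(CERTS))
```

Real input would be the DER bytes of each certificate; a PEM file can be converted with Python's `ssl.PEM_cert_to_DER_cert`.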