Closed rudatp closed 1 day ago
Hi,
the problem is, there is no value provided for /zowe/certificate/pem/key
and zowe/certificate/pem/certificate
. The schema validation is strict and requires a value. To avoid the schema validation problem, remove unused fields:
certificate:
keystore:
type: JCERACFKS
file: "safkeyring:////STCZOWE/ZOWE"
password: "password"
alias: "ZOWE25"
truststore:
type: JCERACFKS
file: "safkeyring:////STCZOWE/ZOWE"
password: "password"
pem:
certificateAuthorities:
- "safkeyring:////STCZOWE/CA1"
- "safkeyring:////STCZOWE/CA2"
Hi Martin
Thanks! That was it, now it works.
The pem
section was needed up until v2.9 but at that point became unused.
Recently v2.16.0 fixed incorrect validation of empty entries which triggered the empty key
and certificate
fields to be seen as invalid, as they're literally null
when previously the validation logic thought them to be empty strings.
I'd like to see a compatibility fix here, but for now you should also just remove the pem
section entirely. It hasnt been needed in some time.
Another issue will address this moving forward: https://github.com/zowe/zowe-common-c/issues/458 . Since the initial question was resolved, I'll close this.
We are using SAF keyrings, yaml section:
certificate: keystore: type: JCERACFKS file: "safkeyring:////STCZOWE/ZOWE" password: "password" alias: "ZOWE25" truststore: type: JCERACFKS file: "safkeyring:////STCZOWE/ZOWE" password: "password" pem: key: certificate: certificateAuthorities:
I updated ZOWE today to version 2.16 and startup fails with:
Validity Exceptions(s) with object at Validity Exceptions(s) with object at /zowe Schema at '/zowe/certificate' invalid not oneOf schemas at '/zowe/certificate' are valid, 0 are Validity Exceptions(s) with object at /zowe/certificate Validity Exceptions(s) with object at /zowe/certificate/keystore unequal constant value at /zowe/certificate/keystore/type; expecting value 'PKCS12' of type 'string' Validity Exceptions(s) with object at /zowe/certificate/truststore unequal constant value at /zowe/certificate/truststore/type; expecting value 'PKCS12' of type 'string' Validity Exceptions(s) with object at /zowe/certificate/pem type 'null' not permitted at /zowe/certificate/pem/key; expecting type 'string' type 'null' not permitted at /zowe/certificate/pem/certificate; expecting type 'string' Validity Exceptions(s) with object at /zowe/certificate Validity Exceptions(s) with object at /zowe/certificate/pem type 'null' not permitted at /zowe/certificate/pem/key; expecting type 'string' type 'null' not permitted at /zowe/certificate/pem/certificate; expecting type 'string'
Can someone help?