ZSS Handle is not valid

[GilPen]

Hello

In ZSS log I get this message everytime I start ZOWE ZWES1060W Failed to init TLS environment, rc=1(Handle is not valid)
ZWES1065E Failed to configure https server, check agent https settings

I notice in the github, the error can provide because of a bug in java version so I upgraded my java version Now the java version is £ java -version
java version "1.8.0_361"
Java(TM) SE Runtime Environment (build 8.0.8.0 - pmz6480sr8-20230314_01(SR8))
IBM J9 VM (build 2.9, JRE 1.8.0 z/OS s390x-64-Bit Compressed References 20230313_47323 (JIT enabled, AOT enabled) OpenJ9 - 4d03a8c
OMR - 49526cb
IBM - 7187a01)
JCL - 20230208_01 based on Oracle jdk8u361-b09

it seems this version shouldn't have the bug however the ZSS message still appears

the config is Zowe version: v1.27.1 Node v16.17.1
Java version 1.8.0_361 z/OS 02.04.00

[GilPen]

Hello,

I use certificates in USS files for this version. The certificate seems to be valid with a keytool command with the good CAs.

£ /usr/lpp/java/J8.0_64/bin/keytool -v -list -keystore /usr/lpp/zowe/keystore/localhost/localhost.keystore.p12 -storepass xxxxxx -storetype PKCS12

Keystore type: PKCS12
Keystore provider: IBMJCE

Your keystore contains 3 entries

Alias name: localhost
Creation date: Jun 2, 2023
Entry type: keyEntry
Certificate chain length: 3
CertificateÝ1~:
Owner: CN=zosmfdev.frf.fr, OU=RESG, O=GROUPE SOCIETE GENERALE, L=Paris, ST=Ile de France, C=FR
Issuer: CN=SG UniPass Server Authentication 2016 CA, O=GROUPE SOCIETE GENERALE
Serial number: 45602d7a396cd8794398038aad4354b2b9c3fec8
Valid from: 5/24/23 8:00 AM until: 8/21/25 8:00 AM
Certificate fingerprints:
.........

Regards Gilles Peniguel

[GilPen]

Hello

An error appears when I run the script zowe-set-up-certificates.sh in the log so I think the script doesn't generate the certificate correctly ( CEE5213S The signal SIGPIPE was received )

Log file created: /tmp/certif.log/zowe-setup-certificates-2023-06-13-15-23-00.log
Loading default variables from /usr/lpp/zowe/bin/zowe-setup-certificates.env file.
Loading zowe-setup-certificates.env file and overriding default variables.
ZOWE_IP_ADDRESS variable value=192.96.88.150
ZOWE_EXPLORER_HOST variable value=zosmfdev.frf.fr
Prepending JAVA_HOME/bin to the PATH...
Creating certificates and keystores... STARTED

z/OSMF certificate fingerprint:
Owner: CN=zosmfdev.frf.fr, OU=RESG-GTS, O=GROUPE SOCIETE GENERALE, L=Paris, ST=Ile de France, C=FR
MD5: E5:3B:29:C9:E6:E9:D9:46:37:0E:20:5B:27:F1:E8:50
SHA1: 52:FB:FD:AA:0C:2C:DF:1A:CF:B4:6C:D3:34:7A:58:13:B5:CA:A6:DA
SHA256: C2:14:DB:83:86:A8:E4:0B:A9:1F:8F:5F:84:96:61:0D:EB:14:0A:49:56:A2:A8:41:73:2F:11:BB:DE:66:CD:93
Owner: CN=SG UniPass Server Authentication 2016 CA, O=GROUPE SOCIETE GENERALE
MD5: B6:BF:0D:F5:1C:41:4E:F0:52:16:5D:E9:43:46:23:B0
SHA1: 4D:F0:17:0A:F0:AD:09:B6:66:6C:DC:2B:54:E7:4B:BA:15:34:3B:76
SHA256: 95:40:AC:5F:CC:CA:DA:1E:FF:CE:37:76:01:EC:46:12:B2:A9:63:50:64:E3:D3:63:DF:5B:7B:78:04:A5:A3:CC
Owner: CN=SG UniPass Root CA 2016, O=GROUPE SOCIETE GENERALE
MD5: 97:6B:E7:37:F5:25:CB:39:06:24:34:4E:D7:E6:C5:FD
SHA1: F0:7E:52:D7:BA:F6:B8:65:48:3F:FA:DE:17:CA:91:BF:21:80:1F:02
SHA256: 6C:B3:2C:47:0A:86:55:10:6E:03:E7:70:80:0B:BE:88:50:A7:81:5F:AF:0F:CE:62:34:07:C2:38:71:F7:48:48
csplit: FSUMA879 file "/usr/lpp/zowe/keystore/localhost/temp/temp-zosmf-cert", line 1 : line length exceeds limit of 2048 CEE5213S The signal SIGPIPE was received.
Creating certificates and keystores... DONE
Detecting external CAs ... STARTED
Detecting external CAs... DONE
Trying to change an owner of the /usr/lpp/zowe/keystore.
Owner of the /usr/lpp/zowe/keystore changed successfully to the ZWESVUS owner.

[GilPen]

Hello

Thank you very much for achmelo for his help. The problem is solved.

I replaced the apiml_cm.sh file with the script achmelo sent me modifying the certificates generation. apiml_cm.sh.txt

Rerun ZOWE STCs and it was ok.

Regards Gilles