IBM Support

PI90034: RDZ V9.5.1.1, CONNECTION TO A HTTPS HOST WITH A CA CERTIFICATE FAILS USING A CUSTOMIZED PLUG-IN

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In Rational Developer for z (RDz) v9.5.1.1, a user plug-in
    connecting to a  HTTPS host fails with the certificate chaining
    error as can be seen in the console log:
    java.security.cert.CertPathValidatorException: Certificate
    chaining error
            at com.ibm.jsse2.j.a(Unknown Source)
            at com.ibm.jsse2.as.a(Unknown Source)
            at com.ibm.jsse2.C.a(Unknown Source)
            at com.ibm.jsse2.C.a(Unknown Source)
            at com.ibm.jsse2.D.a(Unknown Source)
            at com.ibm.jsse2.D.a(Unknown Source)
            at com.ibm.jsse2.C.r(Unknown Source)
            at com.ibm.jsse2.C.a(Unknown Source)
            at com.ibm.jsse2.as.a(Unknown Source)
            at com.ibm.jsse2.as.i(Unknown Source)
            at com.ibm.jsse2.as.a(Unknown Source)
            at com.ibm.jsse2.as.startHandshake(Unknown Source)
            at
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(Unknown
    Source)
    
    However, the same user plug-in and certificate in base eclipse
    can connect to the HTTPS host.
    
    The same issue exists in all RDz 9.5 service packs including
    9.5.1.5 and IDz 14.0.0.5.
    

Local fix

  • In the user plug-in, modify the certificate location as shown in
    the following example:
    ...
        private static final String CACERTS_PASSWORD = "changeit";
            String cacertsFileName = System.getProperty("java.home")
    + "/lib/security/cacerts";
    
    ...
    
    
    System.setProperty("javax.net.ssl.trustStore",cacertsFileName);
    
    System.setProperty("javax.net.ssl.trustStorePassword",CACERTS_PA
    SSWORD);
    

Problem summary

  • When using customized certificates, this does not work with RDz
    with customer written plugins
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI90034

  • Reported component name

    DEV FOR Z SYS

  • Reported component ID

    5724T0700

  • Reported release

    951

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-11-09

  • Closed date

    2018-01-29

  • Last modified date

    2018-01-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DEV FOR Z SYS

  • Fixed component ID

    5724T0700

Applicable component levels

  • R951 PSY

       UP



Document information

More support for: Rational Developer for System z

Software version: 951

Reference #: PI90034

Modified date: 29 January 2018