SAN Required in "Certificate setup scenario 3"

[dkelosky]

On a new install of Zowe 2.18, I used "Certificate setup scenario 3" The zowe.setup.certificate.san is commented out but does not have the comment eye catcher **COMMONLY_CUSTOMIZED**. It also appears that if you do not add these values the ZWEKRING job puts out an informational message :

KJ56701I MISSING Internet Protocol (IP) Address+                                                                                      
IKJ56701I MISSING The Internet Protocol (IP) Address in either IPv4 or IPv6 form, e.g. IPv4, 10.120.184.248, IPv6, 12cd:0:afed:45:10   
9f:16c:743d:8001       

This leads to this issue:

   RACDCERT CONNECT(ID(ZWESVUSR)   LABEL('localhost') RING(ZoweKeyring) USAGE(PERSONAL) DEFAULT) ID(ZWESVUSR)                          
IRRD107I No matching certificate was found for this user.                                                                              
READY    

Although these are informational messages - API ML will not start up in this state.

[JoeNemo]

Is this a code bug, or a usability/doc issue?

[dkelosky]

If san is indeed required (as it appears to be for RACF defaults), there are a few ideas:

1. This message should probably be changed

WARNING: Due to the limitation of the ZWESECUR job, exit with 0 does not mean
the job is fully successful. Please check the job log to determine
if there are any inline errors.

Since there could be inline information messages that could indicate a problem, not just errors

2. This area in the yaml could be marked commonly customized

3. Start up of api ml should detect this scenario and put out a clearer error message

[Martin-Zeithaml]

1. Message updated
2. Yaml update
3. Probably create issue under Api Layer