Problems importing z/OSMF key into the APIML during install

When installing Zowe, the API Gateway will attempt to import the key from z/OSMF into its trust store. The install log will write: “Attempting to setup Zowe API Mediation Layer certificates…” before and after it does this step. If the user doing the install does not have permission to read the z/OSMF keys, the step will fail. With the step failed, the API Mediation Layer will not trust z/OSMF and so will be unable to authenticate. You can see this by launching Zowe, opening a browser on the API Gateway URL, selecting the API Catalog hyperlink and trying to log on with your TSO user ID and password. You will get an “authentication failed” error. When operating Zowe you will see runtime errors, such as the explorers being unable to launch, and failures in other areas that rely on z/OSMF.

If you can’t get the user ID doing the install access to import the z/OSMF certificate from the keyring, you can bypass this setup step and allow Zowe to operate in a mode where the API Mediation Layer accepts the untrusted certificate from z/OSMF. The zowe.yaml argument verifyCertificatesOfServices=true should be changed to be =false.

If you have done an install and don’t want to delete and re-install, you can go into the Zowe runtime folder and navigate to the Unix folder /api-mediation/scripts. In there are three scripts start-api.sh* (not the ones with template in their name). Edit each file and change the line -Dapiml.security.ssl.verifySslCertificatesOfServices= to end with false.

Stop and start Zowe, then open the API Gateway URL and select API Catalog; you should be able to log on correctly. The logon connects to z/OSMF, and a successful logon indicates that Zowe can connect to z/OSMF.

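A read-only check for the script edit described above, added here as an example and not part of the original post or of Zowe: it reports the value of the verification flag in every non-template script in a directory, so you can confirm all three were changed and later find where the bypass is still active. The `*.sh` glob, the function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# JVM option named in the post; the text after "=" is what gets reported.
FLAG='-Dapiml.security.ssl.verifySslCertificatesOfServices='

# audit_verify_flag DIR
# Prints "<script> <value>" for each non-template *.sh file in DIR, where value
# is the literal after the flag, "missing" if the flag is absent, or
# "non-literal" if it is set from a variable. Returns 1 unless every script
# has the flag set to true.
audit_verify_flag() {
    status=0
    for f in "$1"/*.sh; do
        [ -f "$f" ] || continue
        case $(basename "$f") in *template*) continue ;; esac
        if ! grep -qF -- "$FLAG" "$f"; then
            val=missing
        else
            val=$(sed -n "s/.*${FLAG}\([A-Za-z]*\).*/\1/p" "$f" | tail -n 1)
            [ -n "$val" ] || val=non-literal
        fi
        [ "$val" = true ] || status=1
        printf '%s %s\n' "$(basename "$f")" "$val"
    done
    return $status
}

# Constructed sample directory (file names and contents are made up) so the
# check can be tried without a Zowe install. Prints the directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'java %strue \\\n  -jar catalog.jar\n' "$FLAG" > "$d/start-catalog.sh"
    printf 'java -jar discovery.jar\n' > "$d/start-discovery.sh"
    printf 'java %sfalse -jar gateway.jar\n' "$FLAG" > "$d/start-gateway.sh"
    printf 'java %sfalse -jar gateway.jar\n' "$FLAG" > "$d/start-gateway-template.sh"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh <scripts-directory>
if [ $# -gt 0 ]; then
    audit_verify_flag "$1"
fi
```

A non-zero exit status means at least one script is not verifying service certificates.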