APAR status
Closed as program error.
Error description
At 12.0.4.0 the REST listener for Integration Nodes or Integration Servers will no longer function if configured for mutual (2-way) TLS. Attempts to connect to the listener port while configured for mutual TLS will result in a Certificate Error. The exact error message associated with symptoms may vary depending on the client used to connect but an example is shown below: curl --cert tls.crt.pem --key tls.key.pem --cacert tls.crt.pem -k https://localhost:7600/apiv2 curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:7600
Local fix
Setting the environment variable: NODE_EXTRA_CA_CERTS=/path/to/ca.crt.pem Where /path/to/ca.crt.pem is the fully qualified filename of the Certificate Authority certificate file. This will usually be located in the directory specified in the caPath property in the RestAdminListener stanza of the node.conf.yaml or server.conf.yaml file. Prion to starting the Integration Node or Integratrion Server resolves the problem.
Problem summary
**************************************************************** USERS AFFECTED: All users of App Connect Anterprise version 12.0.4.0 using the REST Admin listener secured with TLS. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: At 12.0.4.0 the REST listener for Integration Nodes or Integration Servers will no longer function if configured for mutual (2-way) TLS. Attempts to connect to the listener port while configured for mutual TLS will result in a Certificate Error. The exact error message associated with symptoms may vary depending on the client used to connect but an example is shown below: curl --cert tls.crt.pem --key tls.key.pem --cacert tls.crt.pem -k https://localhost:7600/apiv2 curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:7600
Problem conclusion
The REST listener for Integration Nodes and Integration servers now functions correctly when configured with mutual (2-way) auth. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v12.0 12.0.5.0 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT40477
Reported component name
APP CONNECT ENT
Reported component ID
5724J0560
Reported release
C00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-04-01
Closed date
2022-10-28
Last modified date
2022-10-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
APP CONNECT ENT
Fixed component ID
5724J0560
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"C00","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
28 October 2022