Install Wizard Advanced Certificate setup, list, and validate page

[jp669844]

There are 5 scenarios (outlined here: docs.zowe.org, or zowe.yaml).
At least one of them shall be implemented as screens in ZEN 1.0.0 - need a decision on what is the most common scenario so far.

• ask for all relevant variables and paths, and validate them.
• add a link to the documentation
• store JCL (if used) to allow replay

[1000TurquoisePogs]

Could we write a program that runs under the STC user which does in order:

• tries to list the contents of the keyring the user provided
• sees if the contents contains the key they specified
• if it has the key, read it to see if the EKU section is correct

if it fails at any step, that step roughly tells us what is wrong.

this would imply that zwe init security has run beforehand, otherwise the STC user may not exist.

often, zowe needs to connect with zosmf, so the CAs need to be good for that.
could we write a program that tries to reach zosmf using the truststore the user provided, and check what kind of failure we get?

[1000TurquoisePogs]

the api-layer repo already has a java tool that i hope can do some or all of this: https://github.com/zowe/api-layer/tree/v2.x.x/certificate-analyser

[skurnevich]

Some feedback for certificates creation via ZEN 1.0.1 to address

• Install Wizard didn't provide a field to provide IP Address during creation of certificates. zwe certificates presumably wants the user to refer to job output to see if all certificate steps worked even when the return code is 0.  Either the zwe should look out for the message in the output of JCL and suggest corrective actions. I wasn't sure what field in zowe.yaml so zwe has all required values for successful certificate creation.
• ZWE Init certificates could have auto filled things like hostname/domain name and ip address in the default flow to ensure Zowe is reachable from all API/hosts under the same domain.