Frequently asked questions (FAQs)
This section provides answers to frequently asked questions about problems that you might encounter when using CICS Explorer®.
- IZE0106E Connect failed with "HTTPS hostname wrong" after upgrading to IBM Explorer for z/OS 3.2.0.12
- When selecting a target platform of CICS TS, I get a warning: You have selected a target with a newer version than your current Eclipse installation.
IZE0106E Connect failed with "HTTPS hostname wrong" after upgrading to IBM Explorer for z/OS 3.2.0.12
- Problem
- After upgrading to IBM® Explorer for z/OS® 3.2.0.12 (shipped with CICS Explorer 5.5.0.10), connections to some secure hosts fail with error message IZE0106E "HTTPS hostname is wrong". This is because IBM Explorer for z/OS is updated to remove a potential security vulnerability.
- Symptom
- Secure connections to CMCI, CICS®, FTP, z/OSMF, or other
encrypted hosts fail with this error
message:
IZE0106E Connect failed with error "HTTPS hostname wrong: should be <hostname.domain.com>" (Your connection name)
- Cause
- When connecting to a host that uses SSL, IBM Explorer for z/OS verified that the certificate was trusted
either through trust chains in the truststore of IBM Explorer for z/OS, or because the certificate had previously
been accepted. The hostname associated with the certificate was not checked.
To avoid the possibility of a man-in-the-middle attack where you are redirected to a compromised machine with a trusted certificate, IBM Explorer for z/OS 3.2.0.12 is updated to verify that the hostname to which a certificate is registered or any Subject Alternative Name listed in the certificate matches the hostname in your connection details.
If the hostnames do not match, the connection fails and error message IZE0106E is shown.
- Resolving The Problem
-
Recommended: Choose either of the following ways to fix the mismatch between the certificate and connection details:
- In the Explorer Host Connections view, update the hostname of the connection to match that of the certificate
- Regenerate the certificate with the correct hostname in it. You might need the assistance from your system administrator to regenerate the certificate.
The specified hostname in your connection details must exactly match the Common Name (CN) specified in the certificate, or any Subject Alternative Names (SAN) listed.
Alternatively, you can remove the security check by disabling the hostname verification as follows. But make sure you understand the consequences when doing so.- Open the Preferences dialog by selecting from the menu.
- Select from the pane.
- Select the Disable SSL hostname verification option.
System administrator can prevent users from disabling this option by setting the system propertycom.ibm.cics.core.connections.allowOverrideHostnameVerification
to false. System administrators can set this property within the zosexplorer.ini or eclipse.ini file in the installation folder. Below the-vmargs
line, add a line containing:-Dcom.ibm.cics.core.connections.allowOverrideHostnameVerification=false
The option to disable SSL hostname verification inside Explorer will then be disabled.
For FTPS connections, you must also install IBM Explorer for z/OS 3.2.0.13. This release contains an additional fix required for the correct operation of certificate hostname verification of FTPS connections.
When selecting a target platform of CICS TS, I get a warning: You have selected a target with a newer version than your current Eclipse installation.
- Problem
-
When I select a Target Platform of CICS TS 5.5 or higher, I get the following warning message in CICS Explorer:
You have selected a target with a newer version than your current Eclipse installation. This can cause unexpected behavior in PDE. Please use a newer version of Eclipse.
- Symptom
-
This symptom occurs to CICS Explorer on Aqua 3.2 when users select a Target Platform of CICS TS 5.5 or higher.
- Cause
-
CICS Explorer on Aqua 3.2 displays this warning message because the version of org.eclipse.osgi supplied with the CICS TS target platform is newer than the version supplied with the Eclipse base of CICS Explorer on Aqua 3.2.
CICS Explorer on Aqua 3.3 does not have the same problem.
- Resolving the Problem
- No unexpected behavior has been found with this warning message. You can ignore it.