
v3 verifyCertificates NONSTRICT/DISABLED not working as expected in containers

Open MarkAckert opened this issue 1 year ago • 1 comments

Describe the bug

While testing Zowe v3 in a containerized environment where:

  • certificates do not contain correct SAN domains
  • verifyCertificates is set to either NONSTRICT or DISABLED

there are errors in APIML pods related to certificate hostname verification. This is taken from an api catalog pod:

2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown
2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR ((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching ***redacted***.pod.cluster.local found.

Steps to Reproduce

  1. Deploy a containerized environment with verifyCertificates: DISABLED
  2. View pod logs

Expected behavior

The pods should ignore the missing SAN when verifyCertificates is DISABLED or NONSTRICT

Details

  • Version and build number: Zowe v3.0.0
  • Test environment: IBM Openshift environment

Similar to #1805. Expect that if the correct SANs are added to the certificates, the services will start up.

https://github.com/zowe/api-layer/wiki/Issue-management

MarkAckert, Oct 24 '24 19:10
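
Added example, not part of the original issue or Zowe's own code: a Python triage helper that pulls the rejected hostnames out of log lines shaped like the two quoted above and reports which ones a proposed SAN list would still not cover. The sample log lines, hostnames and SAN list are constructed, and the wildcard rule (one leftmost label only) is an assumption following the usual RFC 6125 convention.

```python
import re
from collections import defaultdict

# Shape taken from the log lines in the issue:
# "<date> <time> <PREFIX:thread:pid> ... No subject alternative DNS name matching HOST found."
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) <(?P<prefix>[^:>]+):[^>]*> .*"
    r"No subject alternative DNS name matching (?P<host>\S+) found\."
)


def san_matches(san: str, host: str) -> bool:
    """DNS SAN comparison; a wildcard is honoured only as the whole leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    # '*' stands for exactly one label: '*.a.b' covers 'x.a.b', not 'y.x.a.b' or 'a.b'.
    head, _, rest = host.partition(".")
    return bool(head) and rest == san[2:]


def missing_sans(log_lines, proposed_sans):
    """Map each log prefix to the rejected hostnames that no proposed SAN covers."""
    missing = defaultdict(set)
    for line in log_lines:
        m = LINE_RE.match(line)
        if m and not any(san_matches(s, m["host"]) for s in proposed_sans):
            missing[m["prefix"]].add(m["host"])
    return {prefix: sorted(hosts) for prefix, hosts in missing.items()}


# Constructed sample input: hostnames are placeholders, not values from the issue.
SAMPLE_LOG = [
    "2024-10-15 15:05:02.373 <ZWEAGW1:https-jsse-nio-0.0.0.0-7554-exec-1:4302> zowe ERROR "
    "((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): Received fatal alert: certificate_unknown",
    "2024-10-15 15:05:03.918 <ZWEAGW1:reactor-http-epoll-2:4302> zowe ERROR "
    "((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name "
    "matching catalog-0.zowe.pod.cluster.local found.",
    "2024-10-15 15:05:04.101 <ZWEAGW1:reactor-http-epoll-3:4302> zowe ERROR "
    "((javax.net.ssl)) Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name "
    "matching gateway-service.zowe.svc.cluster.local found.",
]
# Constructed SAN list for the certificate that is about to be reissued.
SAMPLE_SANS = ["localhost", "*.zowe.svc.cluster.local"]

if __name__ == "__main__":
    for prefix, hosts in missing_sans(SAMPLE_LOG, SAMPLE_SANS).items():
        print(prefix, "still needs SAN entries for:", ", ".join(hosts))
```

Lines that report only the generic `certificate_unknown` alert carry no hostname and are skipped; they still indicate a failed handshake on the peer side.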

This seems to be true of non-containers in 3.0 as well, but seems fixed on v3.1 on z/OS at least.

1000TurquoisePogs, Feb 26 '25 19:02