通过 HTTPS 连接到 MobileFirst Server 时出现问题
Posted
技术标签:
【中文标题】通过 HTTPS 连接到 MobileFirst Server 时出现问题【英文标题】:Issue connecting to MobileFirst Server via HTTPS 【发布时间】:2015-03-17 22:58:51 【问题描述】:我们有一个连接到 MobileFirst Server 的应用程序。我们的应用程序通过 HTTP 连接良好,但无法通过 HTTPS 连接。该应用程序本身是使用 Xcode 构建的原生 ios 应用程序。
我们在服务器上有一个自签名证书。服务器设置为按顺序将整个证书钥匙串传递回客户端(根证书、中间证书,最后是服务器证书)。
根据these specifications,所有这些证书也已安装在客户端 iOS 设备上
通过 HTTPS 连接会导致客户端和服务器上出现以下错误/日志。这是在 Liberty Websphere Application Server 上使用 Mobile First 6.3。
客户:
2015-03-13 09:52:30.133 WFM[80268:291046] [DEBUG] [WL_CONFIG] -[WLConfig init] in WLConfig.m:68 ::
"application id" = WFM;
"application version" = "1.0";
environment = iOSnative;
host = "xxxxxxxx";
platformVersion = "6.3.0.00.20141127-1357";
port = 9443;
protocol = https;
wlServerContext = "/worklight/";
wlUid = "wY/mbnwKTDDYQUvuQCdSgg==";
2015-03-13 09:52:30.421 WFM[80268:291046] [TRACE] [WL_AUTH] -[WLDeviceAuthManager getWLUniqueDeviceId] in WLDeviceAuthManager.m:71 :: returning UUID from the keychain
2015-03-13 09:52:30.435 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] +[WLAFHTTPClientWrapper requestWithURL:] in WLAFHTTPClientWrapper.m:37 :: Request url is https://xxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/init
2015-03-13 09:52:30.452 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:119 :: Request timeout is 60.000000
2015-03-13 09:52:30.465 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:195 :: Sending request (https://xxxxx:9443/worklight/apps/services/api/WFM/iOSnative/init) with headers:
"Accept-Language" = en;
"User-Agent" = "WFM/1 (iPhone Simulator; iOS 8.1; Scale/2.00)/WLNativeAPI/6.3.0.00.20141127-1357";
"X-Requested-With" = XMLHttpRequest;
"x-wl-app-version" = "1.0";
"x-wl-clientlog-appname" = WFM;
"x-wl-clientlog-appversion" = "1.0";
"x-wl-clientlog-deviceId" = "F986FBE9-C91C-459A-BCCE-591B6822D267";
"x-wl-clientlog-env" = iOSnative;
"x-wl-clientlog-model" = "x86_64";
"x-wl-clientlog-osversion" = "8.1";
"x-wl-platform-version" = "6.3.0.00.20141127-1357";
Post Data: action=test&isAjaxRequest=true
2015-03-13 09:52:30.500 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper start] in WLAFHTTPClientWrapper.m:182 :: Starting the request with URL
2015-03-13 09:52:30.513 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:200 :: waiting for response... (Thread=<NSThread: 0x7fhttps://xxxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/initc1ce110ba0>number = 1, name = main)
Loading
2015-03-13 09:52:30.769 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:209 :: Request Failed
2015-03-13 09:52:30.781 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:210 :: Response Status Code : 0
2015-03-13 09:52:30.794 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:211 :: Response Error : The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
2015-03-13 09:52:30.838 WFM[80268:291046] [ERROR] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:354 :: Status code='0' error='The operation couldn’t be completed. (NSURLErrorDomain error -1012.)' response='(null)'
2015-03-13 09:52:30.850 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:357 :: Response Header: (null)
Response Data: (null)
2015-03-13 09:52:30.860 WFM[80268:291046] [ERROR] [WL_CLIENT] -[WLClient onInitRequestFailure:userInfo:] in WLClient.m:1030 :: onInitRequestFailure
AD WL failed
The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
C.WLErrorCode
0
服务器:
messages.log
或 console.log
文件中没有任何内容。我启用了跟踪:<logging traceSpecification="SSL=all:SSLChannel=all"/>
并在 trace.log
文件中看到以下内容
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > init, vc=1088683271 Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < init Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > ready, vc=1088683271 Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel > getSSLContextForInboundLink Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 host=* port=9443 endPoint=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 Querying security service for alias=[defaultSSLConfig]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getProperties Entry
defaultSSLConfig
com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl
null
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getSSLPropertiesOnThread Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getProperties
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getSSLPropertiesOnThread Exit
Thread properties are NULL.
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > getSSLConfig: defaultSSLConfig Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < getSSLConfig Exit
SSLConfig.toString()
com.ibm.ssl.keyStorePassword=********
com.ibm.ssl.daysBeforeExpireWarning=60
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.keyStoreName=defaultKeyStore
config.displayId=keyStore[defaultKeyStore]
com.ibm.ssl.trustStoreReadOnly=false
com.ibm.ssl.contextProvider=SunJSSE
com.ibm.ssl.keyStoreFileBased=true
com.ibm.ssl.alias=defaultSSLConfig
com.ibm.ssl.keyManager=SunX509
com.ibm.ssl.keyStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
com.ibm.ssl.trustStoreInitializeAtStartup=true
com.ibm.ssl.keyStoreType=jks
com.ibm.ssl.clientAuthentication=false
com.ibm.ssl.keyStoreInitializeAtStartup=true
config.source=file
alias=defaultSSLConfig
id=defaultKeyStore
service.factoryPid=com.ibm.ws.ssl.keystore
config.id=com.ibm.ws.ssl.keystore[defaultKeyStore]
com.ibm.ssl.trustStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
service.pid=com.ibm.ws.ssl.keystore_133
com.ibm.ssl.tokenEnabled=false
com.ibm.ssl.trustManager=PKIX
com.ibm.ssl.protocol=SSL
com.ibm.ssl.trustStorePassword=********
com.ibm.ssl.trustStoreName=defaultKeyStore
com.ibm.ssl.keyStoreCreateCMSStash=false
config.overrides=true
com.ibm.ssl.trustStoreCreateCMSStash=false
sslRef=defaultSSLConfig
com.ibm.ssl.keyStoreReadOnly=false
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustStoreType=jks
com.ibm.ssl.validationEnabled=false
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > determineIfCSIv2SettingsApply Entry
com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < determineIfCSIv2SettingsApply (original settings) Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getProperties -> direct Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 SSL configuration <null value means non-string>:
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStorePassword = ********
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.daysBeforeExpireWarning = 60
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreName = defaultKeyStore
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.displayId = keyStore[defaultKeyStore]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreReadOnly = false
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.contextProvider = SunJSSE
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.alias = defaultSSLConfig
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyManager = SunX509
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreInitializeAtStartup = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreType = jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.clientAuthentication = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreInitializeAtStartup = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.source = file
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 alias = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 id = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.factoryPid = com.ibm.ws.ssl.keystore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.id = com.ibm.ws.ssl.keystore[defaultKeyStore]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.pid = com.ibm.ws.ssl.keystore_133
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.tokenEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustManager = PKIX
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.protocol = SSL
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStorePassword = ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreName = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.overrides = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 sslRef = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreReadOnly = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.securityLevel = HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreType = jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.validationEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory > getInstance: null Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory < getInstance: com.ibm.ws.ssl.provider.SunJSSEProvider@8ae8a43 Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider > getSSLContext Entry
com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 setOutboundConnectionInfoInternal :null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider 3 outboundConnectionInfo: null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider < getSSLContext -> (from cache) Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel < getSSLContextForInboundLink Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > getSSLEngine Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig > getEnabledCipherSuites Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants > adjustSupportedCiphersToSecurityLevel Entry
(63) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSL_DH_anon_WITH_RC4_128_MD5 SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_SHA256 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_anon_WITH_NULL_SHA SSL_RSA_WITH_NULL_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_RC4_128_SHA TLS_KRB5_WITH_RC4_128_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 TLS_KRB5_EXPORT_WITH_RC4_40_SHA TLS_KRB5_EXPORT_WITH_RC4_40_MD5
HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants < adjustSupportedCiphersToSecurityLevel -> (9) TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig < getEnabledCipherSuites Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth needed is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth supported is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Calling beginHandshake on engine
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < getSSLEngine, hc=939063257 Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 SSL engine hc=939063257 associated with vc=1088683271
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > readyInbound, vc=1088683271 Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Initial read bytes: 193
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Before unwrap
netBuf: hc=978838596 pos=0 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 After unwrap
netBuf: hc=978838596 pos=193 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
status=OK HSstatus=NEED_TASK consumed=193 produced=0
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > handleHandshake, engine=939063257 Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_TASK
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseEngineServerAlias Entry
RSA
null
37f8f7d9[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseServerAlias Entry
RSA
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getInboundConnectionInfo Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getInboundConnectionInfo
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getInboundConnectionInfo Exit
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseServerAlias (from JSSE) Exit
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseEngineServerAlias: wfm_app_server Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getPrivateKey Entry
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getPrivateKey -> true Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getCertificateChain: wfm_app_server Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getCertificateChain Exit
[
[
Version: V3
Subject: OID.0.9.2342.19200300.100.1.3=bradley.dcosta@au1.ibm.com, UID=376595616, CN=xxxxx.com, OU=GBS, O=ibm.com, L=St. Leonards, ST=St. Leonards, C=AU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 0000
public exponent: 0000
Validity: [From: Tue Mar 03 16:00:00 AEDT 2015,
To: Fri Mar 02 15:59:59 AEDT 2018]
Issuer: CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US
SerialNumber: [ 4fb7]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
00000
]
]
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL41, CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US]
, DistributionPoint:
[URIName: http://xxxxxx.com:2001/PKIServ/cacerts/CRL41.crl]
]]
[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 6A 68 74 74 70 3A 2F 2F 77 33 2D 30 33 2E 69 .jhttp://w3-03.i
0010: 62 6D 2E 63 6F 6D 2F 74 72 61 6E 73 66 6F 72 6D bm.com/transform
0020: 2F 73 61 73 2F 61 73 2D 77 65 62 2E 6E 73 66 2F /sas/as-web.nsf/
0030: 43 6F 6E 74 65 6E 74 44 6F 63 73 42 79 54 69 74 ContentDocsByTit
0040: 6C 65 2F 49 6E 66 6F 72 6D 61 74 69 6F 6E 2B 54 le/Information+T
0050: 65 63 68 6E 6F 6C 6F 67 79 2B 53 65 63 75 72 69 echnology+Securi
0060: 74 79 2B 53 74 61 6E 64 61 72 64 73 ty+Standards
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 00000
]] ]
]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 00 5A 9D FA 45 CF 0E E5 F6 6F 0E A2 7E 12 8E ..Z..E....o.....
0010: FC A5 F5 63 ...c
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000000
]
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 After task, hsstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap:
encBuf: hc=1861873243 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap:
encBuf: hc=1861873243 pos=0 lim=1906 cap=24576
status=OK HSstatus=NEED_UNWRAP consumed=0 produced=1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 Write bytes: 1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Get ready to decrypt data, netBuf: hc=978838596 pos=0 lim=8192 cap=8192
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Nothing was in the buffer
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Do async read
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Read is not done. Callback will be used.
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 after handshake loop, status=OK HSstatus=NEED_UNWRAP, fromCallback=false, engine=939063257
netBuf: hc=978838596 pos=0 lim=8192 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < handleHandshake Exit
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < readyInbound Exit
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < ready Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback 3 Error occured during a read, exception:java.io.IOException: Connection closed: Read failed. Possible end of stream encountered.
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > error (handshake), vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 Caught exception during unwrap, java.io.IOException: Connection closed: Read failed. Possible end of stream encountered.
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > close, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext > close Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext > close, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > shutDownSSLEngine: isServer: true isConnected: true com.ibm.ws.channel.ssl.internal.SSLConnectionLink@5a8fd148 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > flushCloseDown Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap:
buf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap:
buf: hc=1615546952 pos=0 lim=7 cap=24576
status=CLOSED consumed=0 produced=7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 write bytes: 7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < flushCloseDown Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < shutDownSSLEngine Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > destroy, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < destroy Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < error (handshake), vc=1088683271 Exit
【问题讨论】:
【参考方案1】:一些建议......
-
设备上只需要安装根 CA。没有其他的。通过电子邮件或安全下载链接(不要使用浏览器的证书导入)将此根 CA 安装到设备信任库中,这一点很重要。
确保服务器提供证书链的顺序是正确的。 iOS 在这里比 android 严格得多,如果顺序不正确,将不信任服务器。
确保服务器证书公用名与主机名而不是 IP 匹配。需要使用主机名。
尝试使用诊断工具来帮助调试 SSL 相关问题。例如,这将有助于验证 ssl 路径问题:
openssl s_client -CApath $HOME/CAdir -connect hostname:port
【讨论】:
谢谢 - 它最终成为导致问题的 #2。原始服务器设置没有正确设置证书链。我按照以下链接使用 OpenSSL 重做它并且一切正常。 www-01.ibm.com/support/knowledgecenter/SSHS8R_6.3.0/…以上是关于通过 HTTPS 连接到 MobileFirst Server 时出现问题的主要内容,如果未能解决你的问题,请参考以下文章
我们能否从 iPad wifi 间接连接到中间有安全层的 MobileFirst Server?
混合 Android 应用程序未连接到 MobileFirst 服务器
来自应用程序的 MobileFirst 8.0 调用适配器正在连接到 localhost:6015/mfp