问题
I'm using Tibco BusinessWorks to consume a soap web service over an HTTPS connection.
The instructions boil down to:
- Export certificates using a web browser.
- Use the Tools->Trusted Certificates->Import PEM format to folder within the project.
- In the SSL Config of the Transport Details tab, point to the trusted certs folder you imported them to.
--OR--
Use the BW_GLOBAL_TRUSTED_CA_STORE global variable to point to an external folder (file:///c:/tibco/certs) and put the certs there in pem format.
I've tried both ways, and still end up with the error below:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
I've tried exporting them via firefox and IE. In different formats including all keys and individually, yet the error still persists.
Is there something more specific that I need to do or is there a way to turn up the debugging for the cert verifier? I've tried turning up the debug level for designer, but I'm not sure I'm doing that correctly.
Any help would be wonderful.
Thanks much!
回答1:
The issue was not having the actual root certificate in the trusted certs path.
This was easily solved by exporting certificates using OpenSSL:
openssl s_client -showcerts -connect <domain>:443
and copying all the certificates from there.
回答2:
No need to keep certificates in your BW Project.
Just give your certificates path to GV, BW_GLOBAL_TRUSTED_CA_STORE and go to your process where you are using the soap request reply pallette and give the reference of the global variable in trusted certificate path and save the process.
Then run your BW Process
回答3:
Nathan's own answer worked for me. When copying a certificate the file extension should be .cert.
However if I export my process with the ssl certificates to a design time lib (.projlib) and import the library in another BW project then Designer/BW requires that each certificate file should not contain more than one certificate.
来源:https://stackoverflow.com/questions/1039556/tibco-soap-request-over-https-ssl-certificate-verification-problem