Question
We have an app that connects to a MobileFirst Server. Our app connects fine via HTTP, however it will not connect via HTTPS. The App itself is a native iOS app built with Xcode.
We have a self-signed certificate on the server. The server is set up to pass the whole certificate keychain back to the client (Root, Intermediate and finally the server certificate) in that order.
All these certificates have been installed on the client iOS device as well, according to these specifications.
Connecting via HTTPS results in the following errors/logs on the client & server. This is using Mobile First 6.3 on Liberty WebSphere Application Server.
Client:
2015-03-13 09:52:30.133 WFM[80268:291046] [DEBUG] [WL_CONFIG] -[WLConfig init] in WLConfig.m:68 :: {
"application id" = WFM;
"application version" = "1.0";
environment = iOSnative;
host = "xxxxxxxx";
platformVersion = "6.3.0.00.20141127-1357";
port = 9443;
protocol = https;
wlServerContext = "/worklight/";
wlUid = "wY/mbnwKTDDYQUvuQCdSgg==";
}
2015-03-13 09:52:30.421 WFM[80268:291046] [TRACE] [WL_AUTH] -[WLDeviceAuthManager getWLUniqueDeviceId] in WLDeviceAuthManager.m:71 :: returning UUID from the keychain
2015-03-13 09:52:30.435 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] +[WLAFHTTPClientWrapper requestWithURL:] in WLAFHTTPClientWrapper.m:37 :: Request url is https://xxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/init
2015-03-13 09:52:30.452 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:119 :: Request timeout is 60.000000
2015-03-13 09:52:30.465 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:195 :: Sending request (https://xxxxx:9443/worklight/apps/services/api/WFM/iOSnative/init) with headers:
{
"Accept-Language" = en;
"User-Agent" = "WFM/1 (iPhone Simulator; iOS 8.1; Scale/2.00)/WLNativeAPI/6.3.0.00.20141127-1357";
"X-Requested-With" = XMLHttpRequest;
"x-wl-app-version" = "1.0";
"x-wl-clientlog-appname" = WFM;
"x-wl-clientlog-appversion" = "1.0";
"x-wl-clientlog-deviceId" = "F986FBE9-C91C-459A-BCCE-591B6822D267";
"x-wl-clientlog-env" = iOSnative;
"x-wl-clientlog-model" = "x86_64";
"x-wl-clientlog-osversion" = "8.1";
"x-wl-platform-version" = "6.3.0.00.20141127-1357";
}
Post Data: action=test&isAjaxRequest=true
2015-03-13 09:52:30.500 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper start] in WLAFHTTPClientWrapper.m:182 :: Starting the request with URL
2015-03-13 09:52:30.513 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:200 :: waiting for response... (Thread=<NSThread: 0x7fc1ce110ba0>{number = 1, name = main})
Loading
2015-03-13 09:52:30.769 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:209 :: Request Failed
2015-03-13 09:52:30.781 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:210 :: Response Status Code : 0
2015-03-13 09:52:30.794 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:211 :: Response Error : The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
2015-03-13 09:52:30.838 WFM[80268:291046] [ERROR] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:354 :: Status code='0' error='The operation couldn’t be completed. (NSURLErrorDomain error -1012.)' response='(null)'
2015-03-13 09:52:30.850 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:357 :: Response Header: (null)
Response Data: (null)
2015-03-13 09:52:30.860 WFM[80268:291046] [ERROR] [WL_CLIENT] -[WLClient onInitRequestFailure:userInfo:] in WLClient.m:1030 :: onInitRequestFailure
AD WL failed
The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
C.WLErrorCode
0
Server:
Nothing in the messages.log or console.log files. I enabled tracing: <logging traceSpecification="SSL=all:SSLChannel=all"/> and am seeing the following in the trace.log file:
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > init, vc=1088683271 Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < init Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > ready, vc=1088683271 Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel > getSSLContextForInboundLink Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 host=* port=9443 endPoint=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 Querying security service for alias=[defaultSSLConfig]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getProperties Entry
defaultSSLConfig
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
null
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getSSLPropertiesOnThread Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getProperties
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getSSLPropertiesOnThread Exit
Thread properties are NULL.
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > getSSLConfig: defaultSSLConfig Entry
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < getSSLConfig Exit
SSLConfig.toString() {
com.ibm.ssl.keyStorePassword=********
com.ibm.ssl.daysBeforeExpireWarning=60
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.keyStoreName=defaultKeyStore
config.displayId=keyStore[defaultKeyStore]
com.ibm.ssl.trustStoreReadOnly=false
com.ibm.ssl.contextProvider=SunJSSE
com.ibm.ssl.keyStoreFileBased=true
com.ibm.ssl.alias=defaultSSLConfig
com.ibm.ssl.keyManager=SunX509
com.ibm.ssl.keyStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
com.ibm.ssl.trustStoreInitializeAtStartup=true
com.ibm.ssl.keyStoreType=jks
com.ibm.ssl.clientAuthentication=false
com.ibm.ssl.keyStoreInitializeAtStartup=true
config.source=file
alias=defaultSSLConfig
id=defaultKeyStore
service.factoryPid=com.ibm.ws.ssl.keystore
config.id=com.ibm.ws.ssl.keystore[defaultKeyStore]
com.ibm.ssl.trustStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
service.pid=com.ibm.ws.ssl.keystore_133
com.ibm.ssl.tokenEnabled=false
com.ibm.ssl.trustManager=PKIX
com.ibm.ssl.protocol=SSL
com.ibm.ssl.trustStorePassword=********
com.ibm.ssl.trustStoreName=defaultKeyStore
com.ibm.ssl.keyStoreCreateCMSStash=false
config.overrides=true
com.ibm.ssl.trustStoreCreateCMSStash=false
sslRef=defaultSSLConfig
com.ibm.ssl.keyStoreReadOnly=false
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustStoreType=jks
com.ibm.ssl.validationEnabled=false
}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > determineIfCSIv2SettingsApply Entry
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < determineIfCSIv2SettingsApply (original settings) Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getProperties -> direct Exit
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 SSL configuration <null value means non-string>:
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStorePassword = ********
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.daysBeforeExpireWarning = 60
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreName = defaultKeyStore
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.displayId = keyStore[defaultKeyStore]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreReadOnly = false
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.contextProvider = SunJSSE
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.alias = defaultSSLConfig
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyManager = SunX509
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreInitializeAtStartup = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreType = jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.clientAuthentication = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreInitializeAtStartup = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.source = file
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 alias = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 id = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.factoryPid = com.ibm.ws.ssl.keystore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.id = com.ibm.ws.ssl.keystore[defaultKeyStore]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.pid = com.ibm.ws.ssl.keystore_133
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.tokenEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustManager = PKIX
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.protocol = SSL
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStorePassword = ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreName = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.overrides = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 sslRef = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreReadOnly = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.securityLevel = HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreType = jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.validationEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory > getInstance: null Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory < getInstance: com.ibm.ws.ssl.provider.SunJSSEProvider@8ae8a43 Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider > getSSLContext Entry
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 setOutboundConnectionInfoInternal :null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider 3 outboundConnectionInfo: null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider < getSSLContext -> (from cache) Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel < getSSLContextForInboundLink Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > getSSLEngine Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig > getEnabledCipherSuites Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants > adjustSupportedCiphersToSecurityLevel Entry
(63) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSL_DH_anon_WITH_RC4_128_MD5 SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_SHA256 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_anon_WITH_NULL_SHA SSL_RSA_WITH_NULL_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_RC4_128_SHA TLS_KRB5_WITH_RC4_128_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 TLS_KRB5_EXPORT_WITH_RC4_40_SHA 
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants < adjustSupportedCiphersToSecurityLevel -> (9) TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig < getEnabledCipherSuites Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth needed is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth supported is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Calling beginHandshake on engine
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < getSSLEngine, hc=939063257 Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 SSL engine hc=939063257 associated with vc=1088683271
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > readyInbound, vc=1088683271 Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Initial read bytes: 193
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Before unwrap
netBuf: hc=978838596 pos=0 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 After unwrap
netBuf: hc=978838596 pos=193 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
status=OK HSstatus=NEED_TASK consumed=193 produced=0
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > handleHandshake, engine=939063257 Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_TASK
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseEngineServerAlias Entry
RSA
null
37f8f7d9[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseServerAlias Entry
RSA
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getInboundConnectionInfo Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getInboundConnectionInfo
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getInboundConnectionInfo Exit
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseServerAlias (from JSSE) Exit
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseEngineServerAlias: wfm_app_server Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getPrivateKey Entry
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getPrivateKey -> true Exit
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getCertificateChain: wfm_app_server Entry
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getCertificateChain Exit
[
[
Version: V3
Subject: OID.0.9.2342.19200300.100.1.3=bradley.dcosta@au1.ibm.com, UID=376595616, CN=xxxxx.com, OU=GBS, O=ibm.com, L=St. Leonards, ST=St. Leonards, C=AU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 0000
public exponent: 0000
Validity: [From: Tue Mar 03 16:00:00 AEDT 2015,
To: Fri Mar 02 15:59:59 AEDT 2018]
Issuer: CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US
SerialNumber: [ 4fb7]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
00000
]
]
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL41, CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US]
, DistributionPoint:
[URIName: http://xxxxxx.com:2001/PKIServ/cacerts/CRL41.crl]
]]
[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 6A 68 74 74 70 3A 2F 2F 77 33 2D 30 33 2E 69 .jhttp://w3-03.i
0010: 62 6D 2E 63 6F 6D 2F 74 72 61 6E 73 66 6F 72 6D bm.com/transform
0020: 2F 73 61 73 2F 61 73 2D 77 65 62 2E 6E 73 66 2F /sas/as-web.nsf/
0030: 43 6F 6E 74 65 6E 74 44 6F 63 73 42 79 54 69 74 ContentDocsByTit
0040: 6C 65 2F 49 6E 66 6F 72 6D 61 74 69 6F 6E 2B 54 le/Information+T
0050: 65 63 68 6E 6F 6C 6F 67 79 2B 53 65 63 75 72 69 echnology+Securi
0060: 74 79 2B 53 74 61 6E 64 61 72 64 73 ty+Standards
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 00000
]] ]
]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 00 5A 9D FA 45 CF 0E E5 F6 6F 0E A2 7E 12 8E ..Z..E....o.....
0010: FC A5 F5 63 ...c
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000000
]
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 After task, hsstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap:
encBuf: hc=1861873243 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap:
encBuf: hc=1861873243 pos=0 lim=1906 cap=24576
status=OK HSstatus=NEED_UNWRAP consumed=0 produced=1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 Write bytes: 1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Get ready to decrypt data, netBuf: hc=978838596 pos=0 lim=8192 cap=8192
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Nothing was in the buffer
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Do async read
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Read is not done. Callback will be used.
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 after handshake loop, status=OK HSstatus=NEED_UNWRAP, fromCallback=false, engine=939063257
netBuf: hc=978838596 pos=0 lim=8192 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < handleHandshake Exit
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < readyInbound Exit
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < ready Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback 3 Error occured during a read, exception:java.io.IOException: Connection closed: Read failed. Possible end of stream encountered.
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > error (handshake), vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 Caught exception during unwrap, java.io.IOException: Connection closed: Read failed. Possible end of stream encountered.
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > close, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext > close Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext > close, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > shutDownSSLEngine: isServer: true isConnected: true com.ibm.ws.channel.ssl.internal.SSLConnectionLink@5a8fd148 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > flushCloseDown Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap:
buf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap:
buf: hc=1615546952 pos=0 lim=7 cap=24576
status=CLOSED consumed=0 produced=7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 write bytes: 7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < flushCloseDown Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < shutDownSSLEngine Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > destroy, vc=1088683271 Entry
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < destroy Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < close Exit
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < error (handshake), vc=1088683271 Exit
Answer 1:
A couple of suggestions...
- All that needs to be installed on the device is the root CA. Nothing else. And it's important that you install this root CA onto the device truststore via email or a secure download link (do not use the browser's cert import).
- Ensure that the order in which the server serves the certificate chain is correct. iOS is much more strict than Android here, and will not trust the server if the order is not correct.
- Ensure that the server certificate common name matches the hostname and not an IP. The use of hostname is required.
- Try using a diagnostic tool to help debug SSL related issues. For example this will help validate SSL path issues:
openssl s_client -CApath $HOME/CAdir -connect hostname:port
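The chain-order and common-name checks from the answer above, as an added example (Python, not code from the question or the answer): it reads the chain in the form `openssl s_client -showcerts -connect hostname:port` prints it, reports every certificate that is not followed by its issuer, and compares the leaf CN with the hostname. The chain it runs on is constructed inside the script (structural DER skeletons with no real keys or signatures), using the question's redacted hostname xxxxx.com and made-up CA names; the intermediate and root names are assumptions.

```python
"""Check a served certificate chain the way a strict client sees it: leaf first,
each certificate followed by its issuer, leaf CN equal to the hostname.
Real input: the output of  openssl s_client -showcerts -connect hostname:port </dev/null
Standard library only; the DER parser reads just the fields it needs."""
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
OID_CN = b"\x55\x04\x03"  # 2.5.4.3 commonName


def der_children(data):
    """Split the contents of a DER constructed value into (tag, value) pairs."""
    out, i = [], 0
    while i < len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        out.append((tag, data[i:i + length]))
        i += length
    return out


def issuer_and_subject(cert):
    """Return the DER-encoded (issuer, subject) Name values of one certificate."""
    (_, body), = der_children(cert)          # Certificate ::= SEQUENCE { tbs, alg, sig }
    fields = der_children(der_children(body)[0][1])
    if fields[0][0] == 0xA0:                 # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[2][1], fields[4][1]        # serial, sigAlg, issuer, validity, subject, ...


def common_name(name_der):
    """Extract the CN from a DER Name (SEQUENCE OF SET OF SEQUENCE { oid, value })."""
    for _, rdn in der_children(name_der):
        for _, atv in der_children(rdn):
            (_, oid), (_, value) = der_children(atv)
            if oid == OID_CN:
                return value.decode("utf-8", "replace")
    return None


def pem_chain_to_der(text):
    """All PEM certificates in the text, in the order the server sent them."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(text)]


def check_chain(certs, hostname):
    """Return a list of findings; empty means the chain is ordered and the CN matches.
    Modern clients prefer subjectAltName over CN; the SAN extension is not parsed here."""
    if not certs:
        return ["no certificates found"]
    names = [issuer_and_subject(c) for c in certs]
    findings = []
    leaf_cn = common_name(names[0][1])
    if leaf_cn != hostname:
        findings.append(f"leaf CN {leaf_cn!r} does not match hostname {hostname!r}")
    for i in range(len(certs) - 1):
        if names[i][0] != names[i + 1][1]:
            findings.append(f"certificate {i} (CN={common_name(names[i][1])}) is not followed by its issuer")
    if names[-1][0] != names[-1][1]:
        findings.append("chain does not end at a self-signed root; the client must already trust its issuer")
    return findings


# --- constructed sample chain: structure only, no real keys or signatures ---
def der(tag, content):
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + content


def skeleton_cert(subject_cn, issuer_cn):
    """Structurally valid DER certificate with a single-CN subject and issuer."""
    def name(cn):
        return der(0x30, der(0x31, der(0x30, der(0x06, OID_CN) + der(0x0C, cn.encode()))))
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der(0x05, b""))  # sha256WithRSA
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg + name(issuer_cn)
              + der(0x30, der(0x17, b"150303050000Z") * 2) + name(subject_cn) + der(0x30, alg + der(0x03, b"\x00")))
    return der(0x30, tbs + alg + der(0x03, b"\x00"))


def to_pem(cert):
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode() + "-----END CERTIFICATE-----\n"


LEAF = skeleton_cert("xxxxx.com", "Example Intermediate CA")          # hostname from the question
INTER = skeleton_cert("Example Intermediate CA", "Example Root CA")   # assumed CA names
ROOT = skeleton_cert("Example Root CA", "Example Root CA")
WRONG_ORDER = to_pem(ROOT) + to_pem(INTER) + to_pem(LEAF)   # the order described in the question
RIGHT_ORDER = to_pem(LEAF) + to_pem(INTER) + to_pem(ROOT)   # what a strict client expects

if __name__ == "__main__":
    for label, pem in (("root-first", WRONG_ORDER), ("leaf-first", RIGHT_ORDER)):
        print(label, check_chain(pem_chain_to_der(pem), "xxxxx.com") or ["OK"])
```

To run it against a live server, save the s_client output to a file and pass `pem_chain_to_der(open(path).read())` to `check_chain` with the hostname the app uses.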
Source: https://stackoverflow.com/questions/29111292/issue-connecting-to-mobilefirst-server-via-https