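I'm trying to connect to an HTTPS-enabled web service from a Domino Java agent. It works fine over HTTP but fails over HTTPS. I disabled TLS 1.2 (apparently Fix Pack 4 and 5 have a bug with TLS 1.2 and Java).
Now I'm getting the following error...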
[1034:0007-1164] 12/08/2015 05:44:57.75 PM SSLAdvanceHandshake Exit> State HandshakeCertificate (8)
[1034:0007-1164] 12/08/2015 05:44:57.75 PM SSLProcessHandshakeMessage Enter> Message: Certificate (11) State: HandshakeCertificate (8) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSLCheckCertChain> Invalid certificate chain received
[1034:0007-1164] Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSLSendAlert> Sending an alert of 0x0 (close_notify) level 0x2 (fatal)
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSLProcessHandshakeMessage Exit> Message: Certificate (11) State: SSLErrorClose (2) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSL_Handshake> Changing SSL status from -6986 to -5000 to flush write queue
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSL_Handshake> After handshake state = SSLErrorClose (2); Status = -5000
[1034:0007-1164] 12/08/2015 05:44:57.80 PM int_MapSSLError> Mapping SSL error -5000 to 4176 [SSLHandshakeNoDone]
[1034:0007-1164] 12/08/2015 05:44:57.80 PM S_Write> Enter len = 7
[1034:0007-1164] 12/08/2015 05:44:57.80 PM SSL_Xmt> 00000000: 15 03 01 00 02 02 00 '.......'
[1034:0007-1164] 12/08/2015 05:44:57.80 PM S_Write> Switching Endpoint to sync
[1034:0007-1164] 12/08/2015 05:44:57.81 PM S_Write> Posting a nti_snd for 7 bytes
[1034:0007-1164] 12/08/2015 05:44:57.81 PM SSL_EncryptData> SSL not init exit
[1034:0007-1164] 12/08/2015 05:44:57.81 PM S_Write> Switching Endpoint to async
[1034:0007-1164] 12/08/2015 05:44:57.81 PM SSL_EncryptDataCleanup> SSL not init exit
[1034:0007-1164] 12/08/2015 05:44:57.81 PM S_Write> nti_done return 7 bytes rc = 0
[1034:0007-1164] 12/08/2015 05:44:57.81 PM S_Write> Exit, wrote 7 bytes
[1034:0007-1164] 12/08/2015 05:44:57.81 PM SSL_Handshake> After handshake2 state SSLErrorClose (2)
[1034:0007-1164] 12/08/2015 05:44:57.81 PM int_MapSSLError> Mapping SSL error -6986 to 4163 [X509CertChainInvalidErr]
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: WebServiceEngineFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: Error connecting to 'api.qa.silverlining.synovia.com' on port '443', SSL invalid certificate, may need to cross-certify.
faultActor:
faultNode:
faultDetail:
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: Error connecting to 'api.qa.silverlining.synovia.com' on port '443', SSL invalid certificate, may need to cross-certify.
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.InternalFault.makeFault(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.transport.http.HTTPSender.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.strategies.InvocationStrategy.visit(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.SimpleChain.doVisiting(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.SimpleChain.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.AxisClient.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.Call.invokeEngine(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.Call.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.Call.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.Call.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.axis.client.Call.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.websvc.client.Call.invoke(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at org.tempuri.BasicHttpBinding_ISynoviaApi1Stub.s0001(BasicHttpBinding_ISynoviaApi1Stub.java:11)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at JavaAgent.NotesMain(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: at lotus.domino.NotesThread.run(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:57 PM Agent Manager: Agent error: Caused by:
[1034:0007-1164] 12/08/2015 05:44:58 PM Agent Manager: Agent error: Error connecting to 'api.qa.silverlining.synovia.com' on port '443', SSL invalid certificate, may need to cross-certify.
[1034:0007-1164] 12/08/2015 05:44:58 PM Agent Manager: Agent error: at lotus.domino.axis.transport.http.NotesSocket.openConnection(Native Method)
[1034:0007-1164] 12/08/2015 05:44:58 PM Agent Manager: Agent error: at lotus.domino.axis.transport.http.NotesSocket.<init>(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:58 PM Agent Manager: Agent error: at lotus.domino.axis.transport.http.HTTPSender.getSocket(Unknown Source)
[1034:0007-1164] 12/08/2015 05:44:58 PM Agent Manager: Agent error: ... 15 more
[1034:0005-11A0] 12/08/2015 05:44:58 PM AMgr: Agent 's0001' in 'testweb.nsf' completed execution
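The service I'm connecting to uses a DigiCert SSL certificate. I tried exporting the .cer file with Explorer and importing it into the Domino Directory, but that didn't work. I also tried importing it into cacerts, but that didn't do anything either.
Any suggestions? Howard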
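Best answer
Before using the WS, you need to cross-certify the api.qa.silverlined.synovia.com certificate (in Domino).
The official doc is not very clear, so please find below how to cross-certify with a web server that has the SSL certificate you want to cross-certify:
Regarding "java - Creating cross certificate for Domino Java agent?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/34167733/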
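An added example, not part of the original question or answer: a Python triage helper that reads lines from a Domino TLS debug trace like the one in the question, decodes the single-line `SSL_Xmt` hex dump as a TLS record, and extracts the chain-evaluation error, so a trust failure can be told apart from a protocol or cipher problem. The sample lines are copied from the trace above with the timestamps trimmed; the function names are illustrative.

```python
import re

# Sample lines copied from the question's Domino debug trace (timestamps trimmed).
SAMPLE = """\
SSLProcessHandshakeMessage Enter> Message: Certificate (11) State: HandshakeCertificate (8) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
SSLCheckCertChain> Invalid certificate chain received
Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
SSL_Xmt> 00000000: 15 03 01 00 02 02 00 '.......'
int_MapSSLError> Mapping SSL error -6986 to 4163 [X509CertChainInvalidErr]
""".splitlines()

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}

def decode_record(raw: bytes) -> dict:
    """Decode a TLS record header and, for plaintext alerts, the two-byte body."""
    if len(raw) < 5:
        raise ValueError("TLS record header is 5 bytes")
    ctype, major, minor = raw[0], raw[1], raw[2]
    length = int.from_bytes(raw[3:5], "big")
    body = raw[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    rec = {"type": CONTENT_TYPES.get(ctype, hex(ctype)),
           "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
           "length": length}
    if ctype == 21 and length == 2:  # alert body: level, description
        rec["level"] = ALERT_LEVELS.get(body[0], body[0])
        rec["description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
    return rec

def triage(lines) -> dict:
    """Pull the trust-relevant facts out of a Domino TLS debug trace."""
    out = {"cipher": None, "chain_error": None, "mapped": [], "records": []}
    for line in lines:
        if m := re.search(r"Cipher: (\S+) \((0x[0-9A-Fa-f]+)\)", line):
            out["cipher"] = m.group(1)
        if m := re.search(r"Cert Chain Evaluation Status: err: (\d+), (.+)", line):
            out["chain_error"] = (int(m.group(1)), m.group(2).strip())
        if m := re.search(r"Mapping SSL error (-?\d+) to (\d+) \[(\w+)\]", line):
            out["mapped"].append((int(m.group(1)), int(m.group(2)), m.group(3)))
        if m := re.search(r"SSL_Xmt> [0-9A-Fa-f]{8}: ((?:[0-9A-Fa-f]{2} )+)", line):
            out["records"].append(decode_record(bytes.fromhex(m.group(1))))
    return out
```

On the question's trace this reports a negotiated cipher, a TLS 1.0 fatal alert sent by the Domino side, and chain error 3659, which shows the handshake got as far as certificate validation and stopped on trust rather than on protocol or cipher negotiation.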