问题通过HTTPS连接到服务器MobileFirst(Issue connecting to Mob

2019-10-22 06:37发布

我们有一个连接到服务器MobileFirst一个应用程序。 我们的应用程序连接通过HTTP正常,但是它不会通过HTTPS连接。 该应用程序本身是在Xcode内置了原生iOS应用。

我们在服务器上有一个自签名证书。 服务器是按照这个顺序设置通过整个证书钥匙串返回给客户端(根,中间和最后的服务器证书)。

所有这些证书已经安装在客户端的iOS设备上,以及,根据这些规范

通过HTTPS连接导致客户端和服务器上的下列错误/日志。 这是自由WebSphere Application Server上使用移动首批6.3。

客户:

2015-03-13 09:52:30.133 WFM[80268:291046] [DEBUG] [WL_CONFIG] -[WLConfig init] in WLConfig.m:68 :: {
"application id" = WFM;
"application version" = "1.0";
environment = iOSnative;
host = "xxxxxxxx";
platformVersion = "6.3.0.00.20141127-1357";
port = 9443;
protocol = https;
wlServerContext = "/worklight/";
wlUid = "wY/mbnwKTDDYQUvuQCdSgg==";
}
2015-03-13 09:52:30.421 WFM[80268:291046] [TRACE] [WL_AUTH] -[WLDeviceAuthManager getWLUniqueDeviceId] in WLDeviceAuthManager.m:71 :: returning UUID from the keychain
2015-03-13 09:52:30.435 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] +[WLAFHTTPClientWrapper requestWithURL:] in WLAFHTTPClientWrapper.m:37 :: Request url is https://xxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/init
2015-03-13 09:52:30.452 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:119 :: Request timeout is 60.000000
2015-03-13 09:52:30.465 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:195 :: Sending request (https://xxxxx:9443/worklight/apps/services/api/WFM/iOSnative/init) with headers: 
{
"Accept-Language" = en;
"User-Agent" = "WFM/1 (iPhone Simulator; iOS 8.1; Scale/2.00)/WLNativeAPI/6.3.0.00.20141127-1357";
"X-Requested-With" = XMLHttpRequest;
"x-wl-app-version" = "1.0";
"x-wl-clientlog-appname" = WFM;
"x-wl-clientlog-appversion" = "1.0";
"x-wl-clientlog-deviceId" = "F986FBE9-C91C-459A-BCCE-591B6822D267";
"x-wl-clientlog-env" = iOSnative;
"x-wl-clientlog-model" = "x86_64";
"x-wl-clientlog-osversion" = "8.1";
"x-wl-platform-version" = "6.3.0.00.20141127-1357";
}
Post Data: action=test&isAjaxRequest=true
2015-03-13 09:52:30.500 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper start] in WLAFHTTPClientWrapper.m:182 :: Starting the request with URL 
2015-03-13 09:52:30.513 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:200 :: waiting for response... (Thread=<NSThread: 0x7fhttps://xxxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/initc1ce110ba0>{number = 1, name = main})
Loading
2015-03-13 09:52:30.769 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:209 :: Request Failed
2015-03-13 09:52:30.781 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:210 :: Response Status Code : 0
2015-03-13 09:52:30.794 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:211 :: Response Error : The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
2015-03-13 09:52:30.838 WFM[80268:291046] [ERROR] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:354 :: Status code='0' error='The operation couldn’t be completed. (NSURLErrorDomain error -1012.)' response='(null)'
2015-03-13 09:52:30.850 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:357 :: Response Header: (null)
Response Data: (null)
2015-03-13 09:52:30.860 WFM[80268:291046] [ERROR] [WL_CLIENT] -[WLClient onInitRequestFailure:userInfo:] in WLClient.m:1030 :: onInitRequestFailure
AD WL failed
The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
C.WLErrorCode
0

服务器:

没有在messages.logconsole.log文件。 我已启用的跟踪: <logging traceSpecification="SSL=all:SSLChannel=all"/>并看到在下面trace.log文件

[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > init, vc=1088683271 Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < init Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > ready, vc=1088683271 Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel > getSSLContextForInboundLink Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 host=* port=9443 endPoint=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 Querying security service for alias=[defaultSSLConfig]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getProperties Entry 
defaultSSLConfig
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
null
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getSSLPropertiesOnThread Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getProperties
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getSSLPropertiesOnThread Exit 
Thread properties are NULL.
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > getSSLConfig: defaultSSLConfig Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < getSSLConfig Exit 
SSLConfig.toString() {
com.ibm.ssl.keyStorePassword=********
com.ibm.ssl.daysBeforeExpireWarning=60
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.keyStoreName=defaultKeyStore
config.displayId=keyStore[defaultKeyStore]
com.ibm.ssl.trustStoreReadOnly=false
com.ibm.ssl.contextProvider=SunJSSE
com.ibm.ssl.keyStoreFileBased=true
com.ibm.ssl.alias=defaultSSLConfig
com.ibm.ssl.keyManager=SunX509
com.ibm.ssl.keyStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
com.ibm.ssl.trustStoreInitializeAtStartup=true
com.ibm.ssl.keyStoreType=jks
com.ibm.ssl.clientAuthentication=false
com.ibm.ssl.keyStoreInitializeAtStartup=true
config.source=file
alias=defaultSSLConfig
id=defaultKeyStore
service.factoryPid=com.ibm.ws.ssl.keystore
config.id=com.ibm.ws.ssl.keystore[defaultKeyStore]
com.ibm.ssl.trustStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
service.pid=com.ibm.ws.ssl.keystore_133
com.ibm.ssl.tokenEnabled=false
com.ibm.ssl.trustManager=PKIX
com.ibm.ssl.protocol=SSL
com.ibm.ssl.trustStorePassword=********
com.ibm.ssl.trustStoreName=defaultKeyStore
com.ibm.ssl.keyStoreCreateCMSStash=false
config.overrides=true
com.ibm.ssl.trustStoreCreateCMSStash=false
sslRef=defaultSSLConfig
com.ibm.ssl.keyStoreReadOnly=false
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustStoreType=jks
com.ibm.ssl.validationEnabled=false
}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > determineIfCSIv2SettingsApply Entry 
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < determineIfCSIv2SettingsApply (original settings) Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getProperties -> direct Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 SSL configuration <null value means non-string>:
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStorePassword = ********
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.daysBeforeExpireWarning = 60
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreName = defaultKeyStore
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.displayId = keyStore[defaultKeyStore]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreReadOnly = false
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.contextProvider = SunJSSE
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.alias = defaultSSLConfig
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyManager = SunX509
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreInitializeAtStartup = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreType = jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.clientAuthentication = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreInitializeAtStartup = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.source = file
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 alias = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 id = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.factoryPid = com.ibm.ws.ssl.keystore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.id = com.ibm.ws.ssl.keystore[defaultKeyStore]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.pid = com.ibm.ws.ssl.keystore_133
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.tokenEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustManager = PKIX
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.protocol = SSL
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStorePassword = ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreName = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.overrides = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 sslRef = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreReadOnly = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.securityLevel = HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreType = jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.validationEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory > getInstance: null Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory < getInstance: com.ibm.ws.ssl.provider.SunJSSEProvider@8ae8a43 Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider > getSSLContext Entry 
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 setOutboundConnectionInfoInternal :null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider 3 outboundConnectionInfo: null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider < getSSLContext -> (from cache) Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel < getSSLContextForInboundLink Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > getSSLEngine Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig > getEnabledCipherSuites Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants > adjustSupportedCiphersToSecurityLevel Entry 
(63) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSL_DH_anon_WITH_RC4_128_MD5 SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_SHA256 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_anon_WITH_NULL_SHA SSL_RSA_WITH_NULL_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_RC4_128_SHA TLS_KRB5_WITH_RC4_128_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 TLS_KRB5_EXPORT_WITH_RC4_40_SHA TLS_KRB5_EXPORT_WITH_RC4_40_MD5
HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants < adjustSupportedCiphersToSecurityLevel -> (9) TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig < getEnabledCipherSuites Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth needed is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth supported is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Calling beginHandshake on engine
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < getSSLEngine, hc=939063257 Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 SSL engine hc=939063257 associated with vc=1088683271
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > readyInbound, vc=1088683271 Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Initial read bytes: 193
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Before unwrap
netBuf: hc=978838596 pos=0 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 After unwrap
netBuf: hc=978838596 pos=193 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
status=OK HSstatus=NEED_TASK consumed=193 produced=0
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > handleHandshake, engine=939063257 Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_TASK
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseEngineServerAlias Entry 
RSA
null
37f8f7d9[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseServerAlias Entry 
RSA
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getInboundConnectionInfo Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getInboundConnectionInfo
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getInboundConnectionInfo Exit 
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseServerAlias (from JSSE) Exit 
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseEngineServerAlias: wfm_app_server Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getPrivateKey Entry 
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getPrivateKey -> true Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getCertificateChain: wfm_app_server Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getCertificateChain Exit 
[
[
Version: V3
Subject: OID.0.9.2342.19200300.100.1.3=bradley.dcosta@au1.ibm.com, UID=376595616, CN=xxxxx.com, OU=GBS, O=ibm.com, L=St. Leonards, ST=St. Leonards, C=AU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 0000
public exponent: 0000
Validity: [From: Tue Mar 03 16:00:00 AEDT 2015,
To: Fri Mar 02 15:59:59 AEDT 2018]
Issuer: CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US
SerialNumber: [ 4fb7]

Certificate Extensions: 6
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
00000
]
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL41, CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US]
, DistributionPoint:
[URIName: http://xxxxxx.com:2001/PKIServ/cacerts/CRL41.crl]
]]

[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 6A 68 74 74 70 3A 2F 2F 77 33 2D 30 33 2E 69 .jhttp://w3-03.i
0010: 62 6D 2E 63 6F 6D 2F 74 72 61 6E 73 66 6F 72 6D bm.com/transform
0020: 2F 73 61 73 2F 61 73 2D 77 65 62 2E 6E 73 66 2F /sas/as-web.nsf/
0030: 43 6F 6E 74 65 6E 74 44 6F 63 73 42 79 54 69 74 ContentDocsByTit
0040: 6C 65 2F 49 6E 66 6F 72 6D 61 74 69 6F 6E 2B 54 le/Information+T
0050: 65 63 68 6E 6F 6C 6F 67 79 2B 53 65 63 75 72 69 echnology+Securi
0060: 74 79 2B 53 74 61 6E 64 61 72 64 73 ty+Standards

], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 00000

]] ]
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]

[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 00 5A 9D FA 45 CF 0E E5 F6 6F 0E A2 7E 12 8E ..Z..E....o.....
0010: FC A5 F5 63 ...c
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000000

]
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 After task, hsstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap: 
encBuf: hc=1861873243 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap: 
encBuf: hc=1861873243 pos=0 lim=1906 cap=24576
status=OK HSstatus=NEED_UNWRAP consumed=0 produced=1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 Write bytes: 1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Get ready to decrypt data, netBuf: hc=978838596 pos=0 lim=8192 cap=8192
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Nothing was in the buffer
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Do async read
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Read is not done. Callback will be used.
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 after handshake loop, status=OK HSstatus=NEED_UNWRAP, fromCallback=false, engine=939063257
netBuf: hc=978838596 pos=0 lim=8192 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < handleHandshake Exit 
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < readyInbound Exit 
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < ready Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback 3 Error occured during a read, exception:java.io.IOException: Connection closed: Read failed. Possible end of stream encountered. 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > error (handshake), vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 Caught exception during unwrap, java.io.IOException: Connection closed: Read failed. Possible end of stream encountered. 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > close, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext > close Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext > close, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > shutDownSSLEngine: isServer: true isConnected: true com.ibm.ws.channel.ssl.internal.SSLConnectionLink@5a8fd148 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > flushCloseDown Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap: 
buf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap: 
buf: hc=1615546952 pos=0 lim=7 cap=24576
status=CLOSED consumed=0 produced=7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 write bytes: 7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < flushCloseDown Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < shutDownSSLEngine Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > destroy, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < destroy Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < error (handshake), vc=1088683271 Exit 

Answer 1:

一对夫妇的建议...

  1. 所有这一切需要在设备上安装的根CA 没有其他的。 而且,你通过电子邮件或安全的下载链接(不要使用浏览器的证书进口)安装此根CA到设备上,信任是非常重要的。
  2. 确保在服务器提供的证书链,顺序是按照正确的顺序。 是的iOS比Android更严格这里,如果顺序不正确,将不信任该服务器。
  3. 确保服务器证书的通用名称的主机名,而不是IP相匹配。 需要使用主机名。
  4. 尝试使用诊断工具来帮助调试SSL相关的问题。 例如,这将有助于验证SSL路径问题:
    OpenSSL的的s_client.First -CApath $ HOME / CAdir -connect主机名:端口


文章来源: Issue connecting to MobileFirst Server via HTTPS