Web service call from a Worklight Adapter to an HTTPS server - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated


Problem description:

I am trying to hit a REST based HTTPS service from my adapter and my .xml file looks like this,

    <connectivity>
        <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
            <protocol>https</protocol>
            <domain>myco.company.com</domain>
            <port>443</port>
            <!-- Following properties used by adapter's key manager for choosing specific certificate from key store
            <sslCertificateAlias></sslCertificateAlias>
            <sslCertificatePassword></sslCertificatePassword>
            -->
        </connectionPolicy>
        <loadConstraints maxConcurrentConnectionsPerNode="2"/>
    </connectivity>

I am getting this exception:

Http request failed: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

but everything was working fine when I was using HTTP protocol and a different server IP address. The server code deployed is the same and the services seem to work fine on a browser. I saw http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fadmin%2Ft_ibm_worklight_server_and_self-signed_certificates.html but did not get any idea. Any help is appreciated.

The SSLPeerUnverifiedException happens when you either provide a certificate that is wrong, or you do not provide the right certificate. The reason it worked with HTTP was because the certificate was not required for it; it is only required for HTTPS.

In this case, it seems that you are not specifying a certificate that the server will use to be able to create the HTTPS connection. For this you have to do a couple of things:


  1. Either create a certificate to use for testing purposes, or use the certificate that you are required to use, depending on your case. The link you provided explains how to create your own custom certificate for testing purposes. (Please be aware that you should use custom certificates for testing purposes only, as they are not secure and thus should not be used in a production environment.)

  2. Put the certificate you have inside a Java keystore, and configure Worklight to use said keystore. For more details, see http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.deploy.doc/admin/r_ssl_certificate_keystore_setup.html.

  3. After finishing the two previous steps, in the connectionPolicy that you have there, you have to specify the SSLCertificateAlias and SSLCertificatePassword. The alias is the name under which it was saved in the keystore, and the password is the password used to encrypt the keystore. For more details, look here: http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.dev.doc/devref/r_the__connectionpolicy__element.html

That should do it.
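
Before putting an alias and password into the connectionPolicy, it helps to confirm that the pair actually resolves inside the keystore from step 2. The following is an added example, not part of the original answer and not IBM's code; the class name `KeystoreAliasCheck` is hypothetical, and the keystore file and alias are whatever you supply on the command line.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name). Run: java KeystoreAliasCheck <keystore-file> <alias>
public class KeystoreAliasCheck {

    // Reports whether the alias resolves and, for key entries, whether the password unlocks it.
    static String check(KeyStore ks, String alias, char[] entryPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "FAIL: alias '" + alias + "' is not in the keystore";
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            X509Certificate x509 = (X509Certificate) cert;
            x509.checkValidity(); // throws if the certificate is expired or not yet valid
            System.out.println("subject: " + x509.getSubjectX500Principal());
            System.out.println("subject equals issuer (self-signed): "
                    + x509.getSubjectX500Principal().equals(x509.getIssuerX500Principal()));
        }
        if (!ks.isKeyEntry(alias)) {
            return "OK: trusted-certificate entry, no private key stored under this alias";
        }
        // getKey throws UnrecoverableKeyException when the entry password is wrong.
        Key key = ks.getKey(alias, entryPassword);
        return "OK: key entry unlocked, algorithm " + key.getAlgorithm();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreAliasCheck <keystore-file> <alias>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of the process list.
        char[] storePassword = console.readPassword("Keystore password: ");
        char[] entryPassword = console.readPassword("Entry password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePassword); // fails on a wrong keystore password or a corrupt file
        }
        System.out.println(check(ks, args[1], entryPassword));
    }
}
```

A "subject equals issuer" result of true marks the self-signed test certificate from step 1, which the answer says must not go to production.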