SSL无效证书，可能需要交叉验证 [英] SSL invalid certificate, may need to cross-certify

问题描述

我们有一个WebService，并向我们的客户提供WSDL.除了一个使用Lotus Notes的客户外，所有客户(有数百个)对我们的服务都没有问题.当他们的代码尝试连接到我们的服务时，该问题被抛出.这是日志.

We have an WebService and provide WSDL to our customers. All customers (there are hundreds) have no problem with our service except one who is using Lotus Notes. When their code trying to connect to our service the issue is thrown back. Here is a log.

我试图将证书导入Notes JVM(证书).没有帮助.我试图禁用证书的验证-也没有帮助.

I tried to import certificate to Notes JVM (cacerts). Did not help. I tried to disable veritifcation of certificate - did not help as well.

证书是GlobalSign

Certificate is GlobalSign

莲花笔记9.x.我正在使用Java Agent测试WSDL.

Lotus Notes 9.x. I'm using Java Agent to test WSDL.

知道我该怎么办吗?

Error connecting to 'api.mywebiste.com' on port '443', SSL invalid certificate, may need to cross-certify.
    at lotus.domino.axis.InternalFault.makeFault(Unknown Source)
    at lotus.domino.axis.transport.http.HTTPSender.invoke(Unknown Source)
    at lotus.domino.axis.strategies.InvocationStrategy.visit(Unknown Source)
    at lotus.domino.axis.SimpleChain.doVisiting(Unknown Source)
    at lotus.domino.axis.SimpleChain.invoke(Unknown Source)
    at lotus.domino.axis.client.AxisClient.invoke(Unknown Source)
    at lotus.domino.axis.client.Call.invokeEngine(Unknown Source)
    at lotus.domino.axis.client.Call.invoke(Unknown Source)
    at lotus.domino.axis.client.Call.invoke(Unknown Source)
    at lotus.domino.axis.client.Call.invoke(Unknown Source)
    at lotus.domino.axis.client.Call.invoke(Unknown Source)
    at lotus.domino.websvc.client.Call.invoke(Unknown Source)
    at com.e_conomic.EconomicWebServiceSoapStub.connect(EconomicWebServiceSoapStub.java:9032)
    at JavaAgent.NotesMain(JavaAgent.java:20)
    at lotus.domino.AgentBase.runNotes(Unknown Source)
    at lotus.domino.NotesThread.run(Unknown Source)
Caused by: Error connecting to 'api.mywebiste.com' on port '443', SSL invalid certificate, may need to cross-certify.
    at lotus.domino.axis.transport.http.NotesSocket.<init>(Unknown Source)
    at lotus.domino.axis.transport.http.HTTPSender.getSocket(Unknown Source)

推荐答案

所以主要的错误是这样.

So the main error is this.

SSL无效证书，可能需要交叉验证.

SSL invalid certificate, may need to cross-certify.

为了使Notes正确识别SSL证书，您还需要确保也导入了整个SSL链.最重要的是，它必须与您的组织证书(或用户的个人证书)进行交叉认证.

In order for Notes to correctly recognise the SSL certificate you also need to ensure that the whole SSL chain is imported as well. On top of this it has to be cross certified with your organisations certificate (or the users personal certificate).

以下详细说明如何为R9的服务器执行此操作.

The following details how to do this for the server for R9.

https://serverfault.com/questions/505273/java-certificateexception-in-domino-9-when-trying-to-access-https-url/515189#515189

对于本地客户端来说，该过程应该有点相似.您打开个人NAB并转到高级->证书视图.

It should be somewhat similar process for the local client. You open the personal NAB and go to the advanced->certificates view.

这篇关于SSL无效证书，可能需要交叉验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！