IBM Worklight: Self-signed CA implementation in Testing environment with Load Balancer


Problem description


I have the following implementation in testing environment,

  1. Front-end Server [IBM HTTP Server + IBM Websphere plugin],
  2. WLServer1 [IBM Worklight 6.2 + IBM DB2 10.1+ Liberty Farm 8.5.5.1] and
  3. WLServer2 [IBM Worklight 6.2 + IBM DB2 10.1+ Liberty Farm 8.5.5.1].

plugin-cfg.xml has been generated from each Worklight server and merged.

The requests [HTTP] from multiple devices have been directed to the Worklight servers alternately, once the merged plugin-cfg.xml has been deployed in the Front-end server's IBM WebSphere plugin.

How can I implement the same to serve HTTPS requests?

And also I have implemented the "UserCertificateAuthenticationProject" from the Worklight modules which connects the device[HTTPS] to Worklight server directly.

Note: Tested it on Android only.

Help me to understand how I can achieve HTTPS in the Test environment via IHS.

What should be the procedure in the Production environment?

Note: IBM Worklight 6.2 supports Android, iOS, BlackBerry & Windows, so I have to implement on all platforms.

Solution

It sounds like the problem you are having is similar to this one: https://stackoverflow.com/a/21914147/2245921. The Unresponsive Host error occurs for one of two reasons:

  1. Your device cannot reach your server (they are not in the same network)
  2. The device does not trust the server's certificate

Since you can connect to your HTTP connection, it is not #1, so it should be #2. The answer to the other question I pointed to above should fix your problem. Make sure to turn on trace-level logs in the WL Logger so that you can see the exceptions regarding untrusted certificates.

Edit: To expand on this answer; to use HTTPS, your server needs an SSL certificate to identify itself, otherwise the device has no proof that it is connecting to the right server and not to some random server that could be malicious. You should already have a certificate that you are using in your server; if you don't, then read on.

You usually get an SSL certificate from one of two places: you either use a certificate issued to you by a trusted Certificate Authority (e.g., Verisign), or you create one for internal testing purposes. In your case, you probably want to create your own, so you should follow the "Client X.509 Certificate Authentication and User Enrollment" getting started here, specifically the parts that talk about generating the server certificate.

Once you have that certificate set up, you should configure your server to use it; for that, follow the instructions here. After doing this, the last step is to have your device trust your server's certificate. For this, follow the last part in the getting started above, which shows you how to make your iOS/Android device trust the server. You would have to look up how to do this on Windows and Blackberry, too.

After this, you should now be able to connect successfully via HTTPS. (Always make sure that when you get an "Unresponsive host" error, you can still connect to the HTTP console via the browser, to make sure that you are connected to the same network as your server. I know you already did this, as you specified in your question; I'm just mentioning it as a reminder since it is easy to forget this.)
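The two causes listed in the answer can be told apart from a workstation on the same network as the devices. The following is an added example, not code from the answer or from Worklight: `probe`, `classify`, the host name and the CA file path are assumptions. It keeps certificate verification on and reports whether the endpoint is unreachable or merely untrusted, optionally against the test CA's PEM file.

```python
import socket
import ssl


def classify(exc):
    """Map a connection exception to one of the two causes in the answer."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Cause 2: chain or hostname check failed against the trust store.
        return "untrusted_certificate"
    if isinstance(exc, ssl.SSLError):
        # TLS handshake failed for a reason other than trust.
        return "tls_error"
    if isinstance(exc, OSError):
        # Cause 1: DNS failure, refused connection, timeout, no route.
        return "unreachable"
    raise exc


def probe(host, port, cafile=None, timeout=5.0):
    """Return (verdict, detail) for an HTTPS endpoint.

    cafile: optional PEM file holding the test CA. When None, the platform
    trust store is used, which is what a device without the CA installed does.
    """
    # Build the context first so a bad cafile path fails before connecting.
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify(exc), str(exc)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "trusted", tls.version()
    except (ssl.SSLError, OSError) as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical values): probe.py ihs.test.example 443 test-ca.pem
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe(host, port, cafile))
```

A verdict of `untrusted_certificate` without the CA file and `trusted` with it means the server side is configured and only the device trust step remains.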
