Windows 7和8下的Chrome无法通过HTTPS连接到嵌入式Jetty 9.2.x [英] Chrome under Windows 7 and 8 cannot connect to embedded Jetty 9.2.x over HTTPS

问题描述

我们将嵌入式模式下的Jetty 9.2.x与Restlet 2.3.1结合使用来开发我们的应用服务器。最近，我们启用了对HTTPS的支持，HTTPS使用由自行建立的CA签署的认证。

在Linux和Mac操作系统下，从各种网络浏览器连接到此服务器时，一切正常。但是，当我们将测试用于运行Windows 7和8（所有机器位于同一局域网）上的机器时，我们发现Chrome浏览器（版本42.x）不会建立连接，报告

此网页不可用

ERR_FAILED $ b

https：// host_name：9999 / 可能会暂时关闭，或者它可能已永久移动到新的网址。试图分析浏览器和服务器之间的TCP / IP消息，表明HTTPS握手不成功。令人惊讶的是，在Windows XP下一切正常。

不幸的是，我们不确定如何进一步尝试解决这个问题。对所描述情况的可能原因或解决方案有何建议？还有人注意到，在Windows 7/8下的Firefox能够建立连接，但由于缺乏对HTML5导入的支持而没有呈现页面。通过观察来自Firefox的页面源代码来确认。自签名证书解决了连接问题。这表明在自行建立的CA签署证书时存在一些问题，这似乎是特定于操作系统/ Web浏览器的组合。

解决方案

已经确定最初使用的证书有问题。更具体地说，它的通用名称包含一个值，该值未被识别为合适的域名。生成一个新的证书，使用自行建立的CA进行签名，但在属性通用名称中提供了合适的（虽然未注册的）域名已解决该问题。

因此颁发证书的最初意图是将其用于内部开发目的而不是公共消费。因此，输入通用名称属性以反映证书的本地性质（例如application-name.local）。

We're using Jetty 9.2.x in the embedded mode in conjunction with Restlet 2.3.1 to develop our application sever. Recently we've enabled support for HTTPS, which utilises a certificated signed by a self-established CA.

Everything seemed to be working correctly when connecting to this server from various web browsers under Linux and Mac operating systems. However, when we expended out testing to machines running Windows 7 and 8 (all machines are on the same LAN), we've discovered that the Chrome browser (ver. 42.x) would not establish a connection, reporting

This web page is not available

ERR_FAILED

The webpage at https://host_name:9999/ might be temporarily down or it may have moved permanently to a new web address.

Trying to analyse TCP/IP messages between the browser and the server suggests that HTTPS handshake does not succeed. Surprisingly, everything works correctly under Windows XP.

Unfortunately, we're not sure how to proceed any further in trying to solve this problem. Any suggestions as to a possible cause or a solution to the described situation?

It has also beed observed that Firefox under Windows 7/8 was able to establish the connection, but did not render the page due to lack of HTML5 imports support. This was confirmed by observing the page source from Firefox.

Edit: Configuring Jetty to use a self-signed certificate resolved the connectivity problem. This suggests that there is some issue with signing a certificate by a self-established CA, which seems to be specific to an operating system/web browser combination.

解决方案

It has been identified that the originally used certificate was at fault. More specifically, its Common Name contained a value, which was not recognised as a suitable domain name. Generating a new certificate, signed with a self-established CA, but providing a suitable (albeit not registered) domain name in property Common Name has solved the problem.

The very original intent for thus issued certificate was to use it for internal development purposes and not for public consumption. Thus, the Common Name property was entered to reflect the local nature of the certificate (e.g. application-name.local).

这篇关于Windows 7和8下的Chrome无法通过HTTPS连接到嵌入式Jetty 9.2.x的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！