Worklight：Canno通过https访问WL服务器，其中CA证书已设置 [英] Worklight: Canno access the WL server over https where CA certificate is setup

问题描述

最近，我的Test Worklight服务器已通过https协议和SSL设置进行配置和保护（已添加CA证书）。

Recently, my Test Worklight server has been configured and secured via https protocol and SSL setup (CA certificate is added).

但是，我的移动应用程序无法连接到现在WL服务器并收到错误。之前，它可以通过http协议正常连接到WL服务器。

However, my mobile app cannot connect to the WL server now and get an error. Before, it can connect to the WL server normally with http protocol.

我根据Device_Provisioning_concepts.pdf做了一些测试（自动配置和自定义配置的代码 - module_25_0_CustomDeviceProvisioningCustomProvAppAndroid）文档，但它们不适用于测试环境。

I did some tests (exmaples for Auto Provisioning and Custom Provisioning - module_25_0_CustomDeviceProvisioningCustomProvAppAndroid) based on the Device_Provisioning_concepts.pdf document, but they didn't work on Test env.

我认为应该是某些设置未成功配置，因此WL服务器未颁发证书到移动应用程序。我不确定。
有什么想法？

I think it should be that some settings were not configured successfully, so that WL server didn't issue the certificate to the mobile app. I am not sure. Any idea?

信息：

1. WL servsion：5.0 .6.1，企业版;


2. 首先不安装App中心移动应用程序，只需通过App Center的网址安装MyApp;



3. 混合应用程序

1. WL servsion: 5.0.6.1, Enterprise Version;
2. Not install the App center mobile application firstly, just install MyApp via the web url of App Center;

3. Hybrid application

[错误] [https：// serverhost：9443 / demo / apps / services / api / AuthDemo / iphone / query]主机没有响应。

[ERROR] [https://serverhost:9443/demo/apps/services/api/AuthDemo/iphone/query] Host is not responsive.

推荐答案

正如安东所说，移动设备不信任证书。您收到主机无响应错误的原因是因为SSL握手失败，因为设备不信任服务器的证书，因此从未创建HTTPS连接，并且它将其解释为好像找不到服务器，因为SSL握手发生在比HTTP更低的级别，并且无法区分这两种情况。如果要查看SSL错误，则必须使用Wireshark或Charles等程序查看网络流量。

As Anton said, the certificate is not being trusted by the mobile device. The reason you get a 'Host is not responsive' error is because the SSL handshake failed because the device did not trust the server's certificate, so an HTTPS connection was never created, and it interprets it as if it did not find the server, because the SSL handshake occurs at a lower level than HTTP, and it cannot distinguish between both cases. If you want to see the SSL errors, you will have to use a program like Wireshark or Charles to look at the network traffic.

如果要使用此不受信任的CA证书，您必须手动将CA证书导入设备的可信证书存储区，以便设备信任。这因平台而异。例如，在Android和iOS上，您可以将证书通过电子邮件发送到设备（它必须是.crt格式），然后当您打开它时，设备将允许您导入证书。手动信任证书后，应用程序应该可以正常工作。

If you want to use this untrusted CA certificate, you will have to manually import the CA certificate to the device's trusted certificate store so that the device trusts . This varies from platform to platform. For example, on Android and iOS, you can email the certificate to the device (it has to be in .crt format), and then when you open it, the device will let you import the certificate. After manually trusting the certificate, the application should work.

这篇关于Worklight：Canno通过https访问WL服务器，其中CA证书已设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！