Issue connecting to MobileFirst Server via HTTPS


Problem description

We have an app that connects to a MobileFirst Server. Our app connects fine via HTTP, however it will not connect via HTTPS. The App itself is a native iOS app built with Xcode.

We have a self-signed certificate on the server. The server is set up to pass the whole certificate keychain back to the client (Root, Intermediate and finally the server certificate) in that order.

All these certificates have been installed on the client iOS device as well, according to these specifications

Connecting via HTTPS results in the following errors/logs on the client & server. This is using Mobile First 6.3 on Liberty Websphere Application Server.

Client:

2015-03-13 09:52:30.133 WFM[80268:291046] [DEBUG] [WL_CONFIG] -[WLConfig init] in WLConfig.m:68 :: {
"application id" = WFM;
"application version" = "1.0";
environment = iOSnative;
host = "xxxxxxxx";
platformVersion = "6.3.0.00.20141127-1357";
port = 9443;
protocol = https;
wlServerContext = "/worklight/";
wlUid = "wY/mbnwKTDDYQUvuQCdSgg==";
}
2015-03-13 09:52:30.421 WFM[80268:291046] [TRACE] [WL_AUTH] -[WLDeviceAuthManager getWLUniqueDeviceId] in WLDeviceAuthManager.m:71 :: returning UUID from the keychain
2015-03-13 09:52:30.435 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] +[WLAFHTTPClientWrapper requestWithURL:] in WLAFHTTPClientWrapper.m:37 :: Request url is https://xxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/init
2015-03-13 09:52:30.452 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:119 :: Request timeout is 60.000000
2015-03-13 09:52:30.465 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:195 :: Sending request (https://xxxxx:9443/worklight/apps/services/api/WFM/iOSnative/init) with headers: 
{
"Accept-Language" = en;
"User-Agent" = "WFM/1 (iPhone Simulator; iOS 8.1; Scale/2.00)/WLNativeAPI/6.3.0.00.20141127-1357";
"X-Requested-With" = XMLHttpRequest;
"x-wl-app-version" = "1.0";
"x-wl-clientlog-appname" = WFM;
"x-wl-clientlog-appversion" = "1.0";
"x-wl-clientlog-deviceId" = "F986FBE9-C91C-459A-BCCE-591B6822D267";
"x-wl-clientlog-env" = iOSnative;
"x-wl-clientlog-model" = "x86_64";
"x-wl-clientlog-osversion" = "8.1";
"x-wl-platform-version" = "6.3.0.00.20141127-1357";
}
Post Data: action=test&isAjaxRequest=true
2015-03-13 09:52:30.500 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper start] in WLAFHTTPClientWrapper.m:182 :: Starting the request with URL https://xxxxx.com:9443/worklight/apps/services/api/WFM/iOSnative/init
2015-03-13 09:52:30.513 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:200 :: waiting for response... (Thread=<NSThread: 0x7fc1ce110ba0>{number = 1, name = main})
Loading
2015-03-13 09:52:30.769 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:209 :: Request Failed
2015-03-13 09:52:30.781 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:210 :: Response Status Code : 0
2015-03-13 09:52:30.794 WFM[80268:291046] [DEBUG] [WL_AFHTTPCLIENTWRAPPER_PACKAGE] -[WLAFHTTPClientWrapper requestFailed:error:] in WLAFHTTPClientWrapper.m:211 :: Response Error : The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
2015-03-13 09:52:30.838 WFM[80268:291046] [ERROR] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:354 :: Status code='0' error='The operation couldn’t be completed. (NSURLErrorDomain error -1012.)' response='(null)'
2015-03-13 09:52:30.850 WFM[80268:291046] [DEBUG] [WL_REQUEST] -[WLRequest requestFailed:error:] in WLRequest.m:357 :: Response Header: (null)
Response Data: (null)
2015-03-13 09:52:30.860 WFM[80268:291046] [ERROR] [WL_CLIENT] -[WLClient onInitRequestFailure:userInfo:] in WLClient.m:1030 :: onInitRequestFailure
AD WL failed
The operation couldn’t be completed. (NSURLErrorDomain error -1012.)
C.WLErrorCode
0

Server:

Nothing in the messages.log or console.log files. I enabled tracing: <logging traceSpecification="SSL=all:SSLChannel=all"/> and seeing the following in the trace.log file

[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > init, vc=1088683271 Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < init Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > ready, vc=1088683271 Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel > getSSLContextForInboundLink Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 host=* port=9443 endPoint=defaultHttpEndpoint-ssl
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 Querying security service for alias=[defaultSSLConfig]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getProperties Entry 
defaultSSLConfig
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
null
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getSSLPropertiesOnThread Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getProperties
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getSSLPropertiesOnThread Exit 
Thread properties are NULL.
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > getSSLConfig: defaultSSLConfig Entry 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < getSSLConfig Exit 
SSLConfig.toString() {
com.ibm.ssl.keyStorePassword=********
com.ibm.ssl.daysBeforeExpireWarning=60
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.keyStoreName=defaultKeyStore
config.displayId=keyStore[defaultKeyStore]
com.ibm.ssl.trustStoreReadOnly=false
com.ibm.ssl.contextProvider=SunJSSE
com.ibm.ssl.keyStoreFileBased=true
com.ibm.ssl.alias=defaultSSLConfig
com.ibm.ssl.keyManager=SunX509
com.ibm.ssl.keyStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
com.ibm.ssl.trustStoreInitializeAtStartup=true
com.ibm.ssl.keyStoreType=jks
com.ibm.ssl.clientAuthentication=false
com.ibm.ssl.keyStoreInitializeAtStartup=true
config.source=file
alias=defaultSSLConfig
id=defaultKeyStore
service.factoryPid=com.ibm.ws.ssl.keystore
config.id=com.ibm.ws.ssl.keystore[defaultKeyStore]
com.ibm.ssl.trustStore=C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
service.pid=com.ibm.ws.ssl.keystore_133
com.ibm.ssl.tokenEnabled=false
com.ibm.ssl.trustManager=PKIX
com.ibm.ssl.protocol=SSL
com.ibm.ssl.trustStorePassword=********
com.ibm.ssl.trustStoreName=defaultKeyStore
com.ibm.ssl.keyStoreCreateCMSStash=false
config.overrides=true
com.ibm.ssl.trustStoreCreateCMSStash=false
sslRef=defaultSSLConfig
com.ibm.ssl.keyStoreReadOnly=false
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustStoreType=jks
com.ibm.ssl.validationEnabled=false
}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager > determineIfCSIv2SettingsApply Entry 
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.ssl.config.SSLConfigManager < determineIfCSIv2SettingsApply (original settings) Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getProperties -> direct Exit 
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 SSL configuration <null value means non-string>:
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStorePassword = ********
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.daysBeforeExpireWarning = 60
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreName = defaultKeyStore
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.displayId = keyStore[defaultKeyStore]
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreReadOnly = false
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.contextProvider = SunJSSE
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreFileBased = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.alias = defaultSSLConfig
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyManager = SunX509
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreInitializeAtStartup = true
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreType = jks
[13/03/15 10:29:53:921 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.clientAuthentication = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreInitializeAtStartup = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.source = file
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 alias = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 id = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.factoryPid = com.ibm.ws.ssl.keystore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.id = com.ibm.ws.ssl.keystore[defaultKeyStore]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStore = C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 service.pid = com.ibm.ws.ssl.keystore_133
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.tokenEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustManager = PKIX
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.protocol = SSL
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStorePassword = ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreName = defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 config.overrides = true
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreCreateCMSStash = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 sslRef = defaultSSLConfig
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.keyStoreReadOnly = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.securityLevel = HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.trustStoreType = jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel 3 com.ibm.ssl.validationEnabled = false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreType: jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory > getInstance: null Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.JSSEProviderFactory < getInstance: com.ibm.ws.ssl.provider.SunJSSEProvider@8ae8a43 Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 keyStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStore: C:/Program Files/IBM/WebSphere/Liberty/usr/servers/WorklightServer/resources/security/key.jks
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStoreName: defaultKeyStore
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.SSLConfig 3 trustStorePassword: ********
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider > getSSLContext Entry 
{com.ibm.ssl.remotePort=9443, com.ibm.ssl.direction=inbound, com.ibm.ssl.remoteHost=*, com.ibm.ssl.endPointName=defaultHttpEndpoint-ssl}
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 setOutboundConnectionInfoInternal :null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider 3 outboundConnectionInfo: null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.provider.AbstractJSSEProvider < getSSLContext -> (from cache) Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLChannel < getSSLContextForInboundLink Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > getSSLEngine Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig > getEnabledCipherSuites Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants > adjustSupportedCiphersToSecurityLevel Entry 
(63) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV TLS_DH_anon_WITH_AES_128_CBC_SHA256 TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA SSL_DH_anon_WITH_RC4_128_MD5 SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_SHA256 TLS_ECDHE_ECDSA_WITH_NULL_SHA TLS_ECDHE_RSA_WITH_NULL_SHA SSL_RSA_WITH_NULL_SHA TLS_ECDH_ECDSA_WITH_NULL_SHA TLS_ECDH_RSA_WITH_NULL_SHA TLS_ECDH_anon_WITH_NULL_SHA SSL_RSA_WITH_NULL_MD5 TLS_KRB5_WITH_3DES_EDE_CBC_SHA TLS_KRB5_WITH_3DES_EDE_CBC_MD5 TLS_KRB5_WITH_RC4_128_SHA TLS_KRB5_WITH_RC4_128_MD5 TLS_KRB5_WITH_DES_CBC_SHA TLS_KRB5_WITH_DES_CBC_MD5 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 TLS_KRB5_EXPORT_WITH_RC4_40_SHA 
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
HIGH
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.Constants < adjustSupportedCiphersToSecurityLevel -> (9) TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLLinkConfig < getEnabledCipherSuites Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth needed is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Client auth supported is false
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Calling beginHandshake on engine
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < getSSLEngine, hc=939063257 Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 SSL engine hc=939063257 associated with vc=1088683271
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > readyInbound, vc=1088683271 Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Initial read bytes: 193
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 Before unwrap
netBuf: hc=978838596 pos=0 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 1 After unwrap
netBuf: hc=978838596 pos=193 lim=193 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
status=OK HSstatus=NEED_TASK consumed=193 produced=0
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils > handleHandshake, engine=939063257 Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_TASK
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseEngineServerAlias Entry 
RSA
null
37f8f7d9[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > chooseServerAlias Entry 
RSA
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper > getInboundConnectionInfo Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.config.ThreadContext 3 getInboundConnectionInfo
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.websphere.ssl.JSSEHelper < getInboundConnectionInfo Exit 
null
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseServerAlias (from JSSE) Exit 
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < chooseEngineServerAlias: wfm_app_server Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getPrivateKey Entry 
wfm_app_server
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getPrivateKey -> true Exit 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager > getCertificateChain: wfm_app_server Entry 
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager 3 getX509KeyManager -> sun.security.ssl.SunX509KeyManagerImpl
[13/03/15 10:29:53:937 AEDT] 00000073 id= com.ibm.ws.ssl.core.WSX509KeyManager < getCertificateChain Exit 
[
[
Version: V3
Subject: OID.0.9.2342.19200300.100.1.3=bradley.dcosta@au1.ibm.com, UID=376595616, CN=xxxxx.com, OU=GBS, O=ibm.com, L=St. Leonards, ST=St. Leonards, C=AU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 0000
public exponent: 0000
Validity: [From: Tue Mar 03 16:00:00 AEDT 2015,
To: Fri Mar 02 15:59:59 AEDT 2018]
Issuer: CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US
SerialNumber: [ 4fb7]

Certificate Extensions: 6
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
00000
]
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL41, CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US]
, DistributionPoint:
[URIName: http://xxxxxx.com:2001/PKIServ/cacerts/CRL41.crl]
]]

[3]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 6A 68 74 74 70 3A 2F 2F 77 33 2D 30 33 2E 69 .jhttp://w3-03.i
0010: 62 6D 2E 63 6F 6D 2F 74 72 61 6E 73 66 6F 72 6D bm.com/transform
0020: 2F 73 61 73 2F 61 73 2D 77 65 62 2E 6E 73 66 2F /sas/as-web.nsf/
0030: 43 6F 6E 74 65 6E 74 44 6F 63 73 42 79 54 69 74 ContentDocsByTit
0040: 6C 65 2F 49 6E 66 6F 72 6D 61 74 69 6F 6E 2B 54 le/Information+T
0050: 65 63 68 6E 6F 6C 6F 67 79 2B 53 65 63 75 72 69 echnology+Securi
0060: 74 79 2B 53 74 61 6E 64 61 72 64 73 ty+Standards

], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 00000

]] ]
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]

[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 00 5A 9D FA 45 CF 0E E5 F6 6F 0E A2 7E 12 8E ..Z..E....o.....
0010: FC A5 F5 63 ...c
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000000

]
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 After task, hsstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 status=OK HSstatus=NEED_WRAP
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap: 
encBuf: hc=1861873243 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap: 
encBuf: hc=1861873243 pos=0 lim=1906 cap=24576
status=OK HSstatus=NEED_UNWRAP consumed=0 produced=1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 Write bytes: 1906
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Get ready to decrypt data, netBuf: hc=978838596 pos=0 lim=8192 cap=8192
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Nothing was in the buffer
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Do async read
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 Read is not done. Callback will be used.
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils 3 after handshake loop, status=OK HSstatus=NEED_UNWRAP, fromCallback=false, engine=939063257
netBuf: hc=978838596 pos=0 lim=8192 cap=8192
decBuf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLUtils < handleHandshake Exit 
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < readyInbound Exit 
[13/03/15 10:29:53:984 AEDT] 00000073 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < ready Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLHandshakeIOCallback 3 Error occured during a read, exception:java.io.IOException: Connection closed: Read failed. Possible end of stream encountered. 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > error (handshake), vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink 3 Caught exception during unwrap, java.io.IOException: Connection closed: Read failed. Possible end of stream encountered. 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > close, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext > close Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLWriteServiceContext < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext > close, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLReadServiceContext < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > shutDownSSLEngine: isServer: true isConnected: true com.ibm.ws.channel.ssl.internal.SSLConnectionLink@5a8fd148 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils > flushCloseDown Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 before wrap: 
buf: hc=1615546952 pos=0 lim=24576 cap=24576
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 after wrap: 
buf: hc=1615546952 pos=0 lim=7 cap=24576
status=CLOSED consumed=0 produced=7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils 1 write bytes: 7
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < flushCloseDown Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLUtils < shutDownSSLEngine Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink > destroy, vc=1088683271 Entry 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < destroy Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < close Exit 
[13/03/15 10:29:53:999 AEDT] 00000029 id= com.ibm.ws.channel.ssl.internal.SSLConnectionLink < error (handshake), vc=1088683271 Exit 


Recommended answer

A couple of suggestions...

  1. All that needs to be installed on the device is the root CA. Nothing else. And it's important that you install this root CA onto the device truststore via email or a secure download link (do not use the browser's cert import).
  2. Ensure that the order in which the server serves the certificate chain is correct. iOS is much more strict than Android here, and will not trust the server if the order is not correct.
  3. Ensure that the server certificate common name matches the hostname and not an IP. The use of hostname is required.
  4. Try using a diagnostic tool to help debug SSL related issues. For example this will help validate ssl path issues:
    openssl s_client -CApath $HOME/CAdir -connect hostname:port
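
One way to automate points 2 and 3 over the text that the `openssl s_client` command from point 4 prints (an added example, not part of the original answer; the `check_chain` function, the hostnames and both sample outputs are constructed for illustration). TLS expects the server's own certificate first, with each following certificate certifying the one before it, so a root-first chain like the second sample fails the check.

```shell
#!/bin/sh
# Added example (not from the original answer). Reads `openssl s_client` output
# on stdin and checks chain order (leaf first, each issuer = next subject)
# and that the leaf CN matches the hostname the client connects to.
# Live use: openssl s_client -showcerts -connect hostname:port </dev/null | check_chain hostname

check_chain() {
    awk -v host="$1" '
    # Pull the CN out of "/C=AU/CN=x" (OpenSSL 1.0) or "C = AU, CN = x" (1.1 and later).
    function cn(dn,   s) {
        if (!match(dn, "(^|[/, ])CN ?= ?[^,/]+")) return ""
        s = substr(dn, RSTART, RLENGTH)
        sub("^[/, ]?CN ?= ?", "", s)
        return s
    }
    # Exact match, or a "*.domain" CN covering exactly one extra label.
    function host_matches(c, h,   i) {
        c = tolower(c); h = tolower(h)
        if (c == h) return 1
        if (substr(c, 1, 2) != "*.") return 0
        i = index(h, ".")
        return i > 1 && substr(h, i) == substr(c, 2)
    }
    { sub(/[ \t\r]+$/, "") }                      # drop trailing whitespace / CR
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }   # section separator, not a PEM line
    in_chain && /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); issr[n] = $0; next }
    END {
        bad = 0
        if (n == 0) { print "FAIL: no certificate chain in input"; exit 1 }
        if (host ~ /^[0-9.]+$/) {
            print "FAIL: " host " is an IP address; connect by hostname"; bad = 1
        }
        leaf = cn(subj[1])
        if (!host_matches(leaf, host)) {
            print "FAIL: cert 0 CN \"" leaf "\" does not match host " host; bad = 1
        }
        if (n > 1 && subj[1] == issr[1]) {
            print "FAIL: cert 0 is self-signed; chain looks root-first"; bad = 1
        }
        for (k = 1; k < n; k++)
            if (issr[k] != subj[k + 1]) {
                printf "FAIL: issuer of cert %d is not the subject of cert %d\n", k - 1, k
                bad = 1
            }
        if (!bad) print "OK: " n " certificates, leaf first, CN matches " host
        exit bad
    }'
}

# Constructed sample: correctly ordered chain (OpenSSL 1.1+ output style).
sample_good() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:C = AU, O = Example Corp, CN = app.example.test
   i:C = AU, O = Example Corp, CN = Example Intermediate CA
 1 s:C = AU, O = Example Corp, CN = Example Intermediate CA
   i:C = AU, O = Example Corp, CN = Example Root CA
---
Server certificate
EOF
}

# Constructed sample: Root, Intermediate, server order (OpenSSL 1.0 output style).
sample_root_first() {
    cat <<'EOF'
Certificate chain
 0 s:/C=AU/O=Example Corp/CN=Example Root CA
   i:/C=AU/O=Example Corp/CN=Example Root CA
 1 s:/C=AU/O=Example Corp/CN=Example Intermediate CA
   i:/C=AU/O=Example Corp/CN=Example Root CA
 2 s:/C=AU/O=Example Corp/CN=app.example.test
   i:/C=AU/O=Example Corp/CN=Example Intermediate CA
---
EOF
}
```

The check only reads the subject and issuer lines of the chain listing, so it does not validate signatures or trust; `openssl s_client` reports that separately in its verify result.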
