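I am developing a background agent (and a web agent) in LotusScript that has to use a RESTful web service provided by a third party. For obvious reasons, they protect their service with SSL.
In the Notes client, I managed to accept the certificate issued by the site. The agent does exactly what I want, and all communication works fine. But when I try the background agent on the server (R8.5.3FP2):
12/07/2013 11:46:17 Connection interrupted: SSL Error: Bad or missing remote certificate
Some details about the code:
I opened the same page in Firefox, using the URL I use to connect to the service. The page opens correctly, and the page info allowed me to create certificate files (.der or .p7c, both of which are accepted by Domino Admin). Then I opened Admin, went to Configuration / Security / Certificates / Certificates, and used the action to import Internet certificates. Both files could be imported successfully. No luck, though...
If you have a good idea, please share; I really need one. Or can it really be that difficult?
Thanks!
Trace info from the console: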
12/07/2013 22:47:16,82 [01E8:0005-0E40] ReadKeyfile> Recovering password from stash file
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Password is
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Reading keyfile E:\Lotus\Domino\data\keyfile.kyr
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Read failed: file not found
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Exit status = 259
12/07/2013 22:47:16,85 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error 0 to 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> SSL Undetermined attempt
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Enter len = 66
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000000: 80 40 01 03 00 00 27 00 00 00 10 00 00 04 00 00 '.@....'.........'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000010: 05 00 00 2F 00 00 35 00 00 0A 00 00 09 00 00 62 '.../..5........b'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000020: 00 00 03 00 00 02 00 00 01 00 00 01 01 00 80 02 '................'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000030: 00 80 B0 AC 0E 39 84 F7 C8 D1 1A A6 D6 10 CA C9 '..0,.9.wHQ.&V.JI'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000040: 9C 00 '..'
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Posting a nti_snd for 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> nti_done return 66 bytes rc = 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Exit, wrote 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Enter len = 1
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 1 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> nti_done return 1 bytes rc = 0
12/07/2013 22:47:16,96 [01E8:0005-0E40] SSL_RCV> 00000000: 00 '.'
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Exit, read 1 bytes
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Enter len = 4
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 4 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 00 00 00 00 '....'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 74
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 74 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 64 (0x0040) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 2 State: 6 Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 2 State: 6 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : 2 State: 6
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Exit> State : 8
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake state= 8 Status= -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 5
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 5 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 02 00 00 46 03 '...F.'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 3661
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 3661 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 3648 (0x0E40) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_certificate
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLCheckCertChain> Invalid certificate chain received
Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLSendAlert> Sending an alert of 0x0 level 0x2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 11 State: 2 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Changing SSL status from -6986 to -5000 to flush write queue
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Enter len = 7
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Xmt> 00000000: 15 03 00 00 02 02 00 '.......'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Posting a nti_snd for 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> nti_done return 7 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Exit, wrote 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -6986
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -6986 to 4163
12/07/2013 22:47:17 Connection interrupted: SSL Error: Bad or missing remote certificate
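Again, more info. Created a cross-certificate (actually for Go Daddy, the verifier): No luck, though. I asked the admin to cross-certify the other party; it can't hurt, and it may indeed be the missing link. More to follow.
That didn't help either: the cross-certificate has been created, and the server still complains about the remote certificate.
Then I thought: OK, let's mimic the actions I took to get the personal certificate. I created a trust in my personal address book, copied that document to the server, and suddenly my web agent started working!!
One question remains: how is it supposed to work? Where is this documented? If anywhere?
Thanks for your support!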
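For readers triaging a similar failure, the following added example (not part of the original post) pulls the security-relevant facts out of a console trace like the one above: the missing keyfile, the negotiated cipher, the chain-evaluation error, and the decoded hello and alert records. The function names `triage` and `decode_record` and the weak-cipher substring list are assumptions made for this illustration.

```python
import re
# Excerpt of the console trace from the post above (lines copied verbatim).
TRACE = r"""
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Reading keyfile E:\Lotus\Domino\data\keyfile.kyr
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Read failed: file not found
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000000: 80 40 01 03 00 00 27 00 00 00 10 00 00 04 00 00 '.@....'.........'
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 2 State: 6 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLCheckCertChain> Invalid certificate chain received
Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Xmt> 00000000: 15 03 00 00 02 02 00 '.......'
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -6986 to 4163
"""

VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate"}

def decode_record(data):
    """Decode the first bytes of a transmitted record (one SSL_Xmt dump row)."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:  # SSLv2-style CLIENT-HELLO
        return {"type": "sslv2_client_hello",
                "length": ((data[0] & 0x7F) << 8) | data[1],
                "offers": VERSIONS.get((data[3], data[4]), "unknown")}
    if data[0] == 0x15 and len(data) >= 7:  # SSL 3.0/TLS alert record
        return {"type": "alert", "version": VERSIONS.get((data[1], data[2]), "unknown"),
                "level": ALERT_LEVEL.get(data[5], data[5]),
                "description": ALERT_DESC.get(data[6], data[6])}
    return {"type": "other"}

def triage(trace):
    """Collect the security-relevant facts from a Domino SSL debug trace."""
    out = {"keyfile_missing": None, "cipher": None, "weak_cipher": False,
           "chain_error": None, "records": [], "final_error": None}
    keyfile = None
    for line in trace.splitlines():
        if m := re.search(r"ReadKeyfile> Reading keyfile (.+)$", line):
            keyfile = m.group(1).strip()
        elif "ReadKeyfile> Read failed" in line:
            out["keyfile_missing"] = keyfile
        elif m := re.search(r"HandshakeMessage Exit>.*Cipher: 0x[0-9A-F]{4} \((\w+)\)", line):
            out["cipher"] = m.group(1)  # substring list below is this example's heuristic
            out["weak_cipher"] = any(w in m.group(1) for w in ("RC4", "MD5", "NULL", "EXPORT"))
        elif m := re.search(r"Cert Chain Evaluation Status: err: (\d+), (.+)$", line):
            out["chain_error"] = (int(m.group(1)), m.group(2).strip())
        elif m := re.search(r"SSL_Xmt> 00000000: ((?:[0-9A-F]{2} )+)", line):
            out["records"].append(decode_record(bytes.fromhex(m.group(1))))
        elif m := re.search(r"Mapping SSL error (-?\d+) to (\d+)", line):
            out["final_error"] = (int(m.group(1)), int(m.group(2)))
    return out
```

Run over the full trace, `triage` shows an SSLv2-format hello offering SSL 3.0, an RC4/MD5 cipher suite, and a fatal alert sent right after chain error 3659. Beyond the trust problem the post is about, the protocol version and cipher are worth reviewing on their own.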