通过 https 的 Tibco SOAP 请求 - SSL 证书验证问题
我正在使用 Tibco BusinessWorks 通过 HTTPS 连接使用 SOAP Web 服务。
这些说明归结为:
- 使用 Web 浏览器导出证书。
- 使用“工具”->“受信任的证书”->“将 PEM 格式导入到项目内的文件夹”。
- 在“传输详细信息”选项卡的“SSL 配置”中,指向将其导入到的受信任证书文件夹。
--或者--
使用 BW_GLOBAL_TRUSTED_CA_STORE 全局变量指向外部文件夹 (file:///c:/tibco/certs) 并将证书以 pem 格式放入其中。
我已经尝试了两种方法,但仍然出现以下错误:
iaik.security.ssl.SSLException:服务器证书被 ChainVerifier 拒绝
我尝试通过 Firefox 和 IE 导出它们。 采用不同的格式,包括所有密钥和单独的密钥,但错误仍然存在。
我需要做一些更具体的事情,或者有没有办法打开证书验证程序的调试? 我尝试过调高设计器的调试级别,但我不确定我是否正确执行了该操作。
任何帮助都会很棒。
非常感谢!
I'm using Tibco BusinessWorks to consume a soap web service over an HTTPS connection.
The instructions boil down to:
- Export certificates using a web browser.
- Use the Tools->Trusted Certificates->Import PEM format to folder within the project.
- In the SSL Config of the Transport Details tab, point to the trusted certs folder you imported them to.
--OR--
Use the BW_GLOBAL_TRUSTED_CA_STORE global variable to point to an external folder (file:///c:/tibco/certs) and put the certs there in pem format.
I've tried both ways, and still end up with the error below:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
I've tried exporting them via firefox and IE. In different formats including all keys and individually, yet the error still persists.
Is there something more specific that I need to do or is there a way to turn up the debugging for the cert verifier? I've tried turning up the debug level for designer, but I'm not sure I'm doing that correctly.
Any help would be wonderful.
Thanks much!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
问题在于受信任的证书路径中没有实际根证书。
通过使用 OpenSSL 导出证书
并从那里复制所有证书可以轻松解决此问题。
The issue was not having the actual root certificate in the trusted certs path.
This was easily solved by exporting certificates using OpenSSL:
and copying all the certificates from there.
无需在 BW 项目中保留证书。
只需将您的证书路径提供给 GV、BW_GLOBAL_TRUSTED_CA_STORE 并转到您使用肥皂请求回复调色板的进程,并在受信任的证书路径中提供全局变量的引用并保存该进程。
然后运行您的 BW 进程
No need to keep certificates in your BW Project.
Just give your certificates path to GV, BW_GLOBAL_TRUSTED_CA_STORE and go to your process where you are using the soap request reply pallette and give the reference of the global variable in trusted certificate path and save the process.
Then run your BW Process
内森自己的答案对我有用。 复制证书时,文件扩展名应为 .cert。
但是,如果我将带有 ssl 证书的流程导出到设计时库 (.projlib) 并将该库导入到另一个 BW 项目中,则 Designer/BW 要求每个证书文件不应包含多个证书。
Nathan's own answer worked for me. When copying a certificate the file extension should be .cert.
However if I export my process with the ssl certificates to a design time lib (.projlib) and import the library in another BW project then Designer/BW requires that each certificate file should not contain more than one certificate.