
Connect to on premises DB2 server using Bluemix secure gateway and TLS

I have been trying to connect my Node.js Public Bluemix app to a DB2 server which is behind a firewall using the secure gateway service of Bluemix. When I try that by just using TCP everything works fine. I am now trying to use the TLS:Mutual Auth option and I can't make it work.

I followed this tutorial (https://developer.ibm.com/bluemix/2015/04/17/securing-destinations-tls-bluemix-secure-gateway/) and the tunnel seems to be created (I can see that in the logs of the gateway client) but no data is coming through.

In the object Options which is a parameter of tls.connect, if I set rejectUnauthorized: true then I get "UNABLE_TO_GET_ISSUER_CERT" while I am using the generated certificates of the destination. If I set rejectUnauthorized: false, then it seems to work and the connection opens but nothing comes through, it just hangs. In both cases, I am using the same code that works when TLS is not set up and is based on the ibm_db node driver for DB2.

Does anyone have experience with this? I have been struggling with it for some days now and any help would be much appreciated.

After some discussion, we determined that part of the problem was explicitly stating a piece of the cert chain in the CA, causing the UNABLE_TO_GET_ISSUER_CERT error to be emitted. This can be resolved by either adding the full chain to the CA or not explicitly adding anything to the CA (as the cert is publicly signed).

An underlying issue that was identified is that the ibm_db node driver for DB2 does not appear to work as expected for TLS connections.
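The partial-chain condition described in the answer above can be checked before calling tls.connect. The following is an added example, not code from the original post or from the Secure Gateway tutorial: it flags a `ca` list whose certificates do not chain to a self-signed root inside the list, and omits `ca` entirely when none is given so that Node falls back to its default trust store. All function names and the sample entries are assumptions made for illustration.

```javascript
// Added example: pre-flight check for the `ca` option of tls.connect.
// Passing `ca` replaces Node's default trust store, so a list holding only a
// piece of the chain leaves OpenSSL unable to find the issuer.

// Split a PEM bundle (for example a chain file) into individual certificates.
function splitPemBundle(bundle) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return bundle.match(re) || [];
}

// Read subject and issuer of each PEM block with Node's X509Certificate.
async function describeCerts(pemBlocks) {
  const { X509Certificate } = await import('node:crypto');
  return pemBlocks.map((pem) => {
    const c = new X509Certificate(pem);
    return { subject: c.subject, issuer: c.issuer };
  });
}

// Return issuer names that are referenced but absent from the list.
// Name matching only: signatures are not verified here, this is a diagnostic.
function findMissingIssuers(certs) {
  const subjects = new Set(certs.map((c) => c.subject));
  const missing = new Set();
  for (const c of certs) {
    const selfSigned = c.subject === c.issuer;
    if (!selfSigned && !subjects.has(c.issuer)) missing.add(c.issuer);
  }
  return [...missing];
}

// Build tls.connect options for mutual auth. Verification stays on; `ca` is
// set only when a (complete) list is supplied, otherwise defaults apply.
function buildTlsOptions({ host, port, key, cert, caBlocks }) {
  const opts = { host, port, key, cert, servername: host, rejectUnauthorized: true };
  if (caBlocks && caBlocks.length > 0) opts.ca = caBlocks;
  return opts;
}

// Constructed sample data (not real certificates).
const SAMPLE_PARTIAL_CA = [
  { subject: 'CN=Example Intermediate CA', issuer: 'CN=Example Root CA' },
];
const SAMPLE_FULL_CA = SAMPLE_PARTIAL_CA.concat([
  { subject: 'CN=Example Root CA', issuer: 'CN=Example Root CA' },
]);

console.log('partial list, missing:', findMissingIssuers(SAMPLE_PARTIAL_CA));
console.log('full list, missing:', findMissingIssuers(SAMPLE_FULL_CA));
```

With real files, pass the output of `describeCerts(splitPemBundle(pemText))` to `findMissingIssuers` and fix the bundle before connecting, rather than setting rejectUnauthorized: false.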
