Connect to on premises DB2 server using Bluemix secure gateway and TLS
I have been trying to connect my Node.js Public Bluemix app to a DB2 server which is behind a firewall using the secure gateway service of Bluemix. When I try that by just using TCP everything works fine. I am now trying to use the TLS:Mutual Auth option and I can't make it work.
I followed this tutorial (https://developer.ibm.com/bluemix/2015/04/17/securing-destinations-tls-bluemix-secure-gateway/) and the tunnel seems to be created (I can see that in the logs of the gateway client) but no data is coming through.
In the object Options, which is a parameter of tls.connect, if I set rejectUnauthorized: true then I get "UNABLE_TO_GET_ISSUER_CERT" while I am using the generated certificates of the destination. If I set rejectUnauthorized: false, then it seems to work and the connection opens but nothing comes through, it just hangs. In both cases, I am using the same code that works when TLS is not set up and is based on the ibm_db node driver for DB2.
Does anyone have experience with this? I have been struggling with it for some days now and any help would be much appreciated.
After some discussion, we determined that part of the problem was explicitly stating a piece of the cert chain in the CA, causing the UNABLE_TO_GET_ISSUER_CERT error to be emitted. This can be resolved by either adding the full chain to the CA or not explicitly adding anything to the CA (as the cert is publicly signed).
An underlying issue that was identified is that the ibm_db node driver for DB2 does not appear to work as expected for TLS connections.
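The certificate-chain fix described in the answer above, as an added example that is not part of the original question or answer: it checks whether a PEM bundle meant for the ca option of tls.connect reaches a self-signed root, and otherwise leaves ca unset so the public roots apply, keeping rejectUnauthorized: true in both cases. The function names (parseBundle, missingIssuers, buildTlsOptions) are hypothetical, and matching issuers by name string is a simplifying assumption.

```javascript
const { X509Certificate } = require('node:crypto');

// Split a PEM bundle into parsed certificates; each exposes .subject and .issuer.
function parseBundle(pem) {
  const blocks = pem.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
  return blocks.map((block) => new X509Certificate(block));
}

// Issuer names that some certificate in the bundle points to but that are not
// themselves in the bundle. A self-signed root (issuer === subject) ends a chain.
// Matching by name string is a simplification; real verification checks signatures.
function missingIssuers(certs) {
  const subjects = new Set(certs.map((c) => c.subject));
  const missing = new Set();
  for (const c of certs) {
    if (c.issuer !== c.subject && !subjects.has(c.issuer)) missing.add(c.issuer);
  }
  return [...missing];
}

// Build options for tls.connect. Certificate verification always stays on.
// - no CA bundle: leave `ca` unset so Node uses its built-in public roots
// - CA bundle: accept it only if it chains to a root, because setting `ca`
//   replaces the default roots and a partial chain cannot be completed
function buildTlsOptions(base, caPem, parse = parseBundle) {
  const options = { ...base, rejectUnauthorized: true };
  const certs = caPem ? parse(caPem) : [];
  if (certs.length === 0) return options;
  const missing = missingIssuers(certs);
  if (missing.length > 0) {
    throw new Error(`CA bundle is a partial chain; missing issuer(s): ${missing.join('; ')}`);
  }
  return { ...options, ca: caPem };
}
```

Pass the returned object to tls.connect together with the client cert and key for mutual auth; a thrown error names the issuer that has to be added to the bundle.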