[英]IBM MobileFirst Platform v8.0 Https connection from MobileApplication
Am using MFP 8.0 which is configured in IBM Liberty WAS V17.0.0.2 我正在使用在IBM Liberty WAS V17.0.0.2中配置的MFP 8.0
Using sample application which is downloaded from the Mfpconsole download center am trying to access the default HTTPS port which is 9443 to access. 使用从Mfpconsole下载中心下载的示例应用程序尝试访问默认的HTTPS端口9443进行访问。
It was failed to access the mfpserver the below is my error, 访问mfpserver失败,以下是我的错误,
errorCode:"UNEXPECTED_ERROR" errorMsg:"javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found." “ errorCode:” UNEXPECTED_ERROR“ errorMsg:” javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。“
So to test my server is working properly i tested the same with 9080 port it is working fine without any issues. 因此,要测试我的服务器是否正常工作,我使用9080端口进行了测试,它工作正常,没有任何问题。
In my liberty server.xml, Am using the default key-store and i have added the below line 在我的自由server.xml中,Am使用默认密钥存储区,我添加了以下行
ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2" ssl id =“ defaultSSLConfig” keyStoreRef =“ defaultKeyStore” sslProtocol =“ SSL_TLSv2”
For sure am missing something to be done, guide me to fix this folks.Thanks in advance 如果确实缺少要完成的工作,请指导我修复此问题。
Note: Am using the default keystore and cert which is generated when we start the Liberty node. 注意:我使用的是默认的密钥库和证书,这是我们启动Liberty节点时生成的。
The default keystore contains a self signed certificate. 缺省密钥库包含一个自签名证书。 This will not work in case of most new mobileOSes.
对于大多数新的mobileOS,这将不起作用。 In this scenario you need to create a custom keystore that contains a proper CA or a custom CA signed certificates, and configure the Application server to use this custom keystore.
在这种情况下,您需要创建一个包含正确的CA或自定义CA签名证书的自定义密钥库,并配置应用程序服务器以使用此自定义密钥库。
If your custom keystore contains well known CA issued certificates ( Verisign, DigiCert, GeoTrust etc), you will not need to add the root CA to the device. 如果您的自定义密钥库包含众所周知的CA颁发的证书(Verisign,DigiCert,GeoTrust等),则无需将根CA添加到设备中。 Device's certificate store contains most of these certificates.
设备的证书存储区包含大多数这些证书。 Otherwise, you need to export root CA and add it manually to the device certificate store.
否则,您需要导出根CA并将其手动添加到设备证书存储中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.