rest - 如何使用 SSL 在 Lotus Domino 中使用 RESTful Web 服务

Question

我正在用 LotusScript 开发一个后台代理（和一个 Web 代理），它必须使用第 3 方提供的 RESTful Web 服务。出于显而易见的原因，他们使用 SSL 保护他们的服务。

在 Notes 客户端中，我设法接受了站点发出的证书。代理完全按照我的意愿进行操作，所有通信都按应有的方式进行。但是当我在服务器（R8.5.3FP2）上尝试后台代理时：

2013 年 12 月 7 日 11:46:17 连接中断：SSL 错误：远程证书错误或丢失

关于代码的一些细节：

• NotesDocument.GetDocumentByURL
• Web Retriever (web.exe) 正在服务器上运行（该任务是必需的）

我在 Firefox 中使用我用来连接服务的 URL 打开了同一个页面。页面正确打开，页面信息允许我创建证书文件（.der 或 .p7c，它们都被 Domino 管理员接受）。然后我打开管理员，进入配置/安全/证书/证书，并使用导入 Internet 证书操作。两个文件都可以成功导入。尽管如此，还是没有运气...

如果你有一个好主意，请分享，我确实需要一个。还是有那么难？？

谢谢！

---

来自控制台的跟踪信息：

12/07/2013 22:47:16,82 [01E8:0005-0E40] ReadKeyfile> Recovering password from stash file
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Password is 
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Reading keyfile E:\Lotus\Domino\data\keyfile.kyr
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Read failed: file not found
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Exit status = 259
12/07/2013 22:47:16,85 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error 0 to 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> SSL Undetermined attempt
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Enter len = 66
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000000: 80 40 01 03 00 00 27 00 00 00 10 00 00 04 00 00   '.@....'.........'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000010: 05 00 00 2F 00 00 35 00 00 0A 00 00 09 00 00 62   '.../..5........b'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000020: 00 00 03 00 00 02 00 00 01 00 00 01 01 00 80 02   '................'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000030: 00 80 B0 AC 0E 39 84 F7 C8 D1 1A A6 D6 10 CA C9   '..0,.9.wHQ.&V.JI'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000040: 9C 00                                             '..'
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Posting a nti_snd for 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> nti_done return 66 bytes rc = 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Exit, wrote 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Enter len = 1
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 1 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> nti_done return 1 bytes rc = 0
12/07/2013 22:47:16,96 [01E8:0005-0E40] SSL_RCV> 00000000: 00                                                '.'
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Exit, read 1 bytes
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Enter len = 4
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 4 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 00 00 00 00                                       '....'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 74
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 74 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 64 (0x0040) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 2 State: 6 Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 2 State: 6 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : 2 State: 6
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Exit> State : 8
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake state= 8 Status= -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 5
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 5 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 02 00 00 46 03                                    '...F.'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 3661
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 3661 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 3648 (0x0E40) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_certificate
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLCheckCertChain> Invalid certificate chain received
Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLSendAlert> Sending an alert of 0x0 level 0x2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 11 State: 2 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Changing SSL status from -6986 to -5000 to flush write queue
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Enter len = 7
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Xmt> 00000000: 15 03 00 00 02 02 00                              '.......'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Posting a nti_snd for 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> nti_done return 7 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Exit, wrote 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -6986
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -6986 to 4163
12/07/2013 22:47:17   Connection interrupted: SSL Error: Bad or missing remote certificate

---

再次，更多信息。创建了一个交叉证书（实际上是验证者 Go Daddy）： 仍然没有运气。我要求管理员也交叉认证对方，它不会受到伤害，并且可能确实是缺失的环节。更多关注。

---

那也无济于事，创建了交叉证书，但服务器仍然抱怨远程证书。

于是我想：好吧，让我们模仿我为获得个人证书所做的操作。我在我的个人通讯录中创建了一个信任，将该文件复制到服务器上，你瞧，我的网络代理突然开始工作了！！

仍然是一个问题：这是它应该如何工作的？这在哪里记录？如果有的话？

谢谢你的支持！