0

我正在用 LotusScript 开发一个后台代理(和一个 Web 代理),它必须使用第 3 方提供的 RESTful Web 服务。出于显而易见的原因,他们使用 SSL 保护他们的服务。

在 Notes 客户端中,我设法接受了站点发出的证书。代理完全按照我的意愿进行操作,所有通信都按应有的方式进行。但是当我在服务器(R8.5.3FP2)上尝试后台代理时:

2013 年 12 月 7 日 11:46:17 连接中断:SSL 错误:远程证书错误或丢失

关于代码的一些细节:

  • NotesDocument.GetDocumentByURL
  • Web Retriever (web.exe) 正在服务器上运行(该任务是必需的)

我在 Firefox 中使用我用来连接服务的 URL 打开了同一个页面。页面正确打开,页面信息允许我创建证书文件(.der 或 .p7c,它们都被 Domino 管理员接受)。然后我打开管理员,进入配置/安全/证书/证书,并使用导入 Internet 证书操作。两个文件都可以成功导入。尽管如此,还是没有运气...

如果你有一个好主意,请分享,我确实需要一个。还是有那么难??

谢谢!


来自控制台的跟踪信息:

12/07/2013 22:47:16,82 [01E8:0005-0E40] ReadKeyfile> Recovering password from stash file
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Password is 
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Reading keyfile E:\Lotus\Domino\data\keyfile.kyr
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Read failed: file not found
12/07/2013 22:47:16,83 [01E8:0005-0E40] ReadKeyfile> Exit status = 259
12/07/2013 22:47:16,85 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error 0 to 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Handshake> SSL Undetermined attempt
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Enter len = 66
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000000: 80 40 01 03 00 00 27 00 00 00 10 00 00 04 00 00   '.@....'.........'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000010: 05 00 00 2F 00 00 35 00 00 0A 00 00 09 00 00 62   '.../..5........b'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000020: 00 00 03 00 00 02 00 00 01 00 00 01 01 00 80 02   '................'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000030: 00 80 B0 AC 0E 39 84 F7 C8 D1 1A A6 D6 10 CA C9   '..0,.9.wHQ.&V.JI'
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_Xmt> 00000040: 9C 00                                             '..'
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Posting a nti_snd for 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> nti_done return 66 bytes rc = 0
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Write> Exit, wrote 66 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Enter len = 1
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,85 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 1 bytes
12/07/2013 22:47:16,85 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> nti_done return 1 bytes rc = 0
12/07/2013 22:47:16,96 [01E8:0005-0E40] SSL_RCV> 00000000: 00                                                '.'
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Exit, read 1 bytes
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Enter len = 4
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,96 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 4 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 00 00 00 00                                       '....'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 4 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 74
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 74 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 64 (0x0040) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 74 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 2 State: 6 Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 2 State: 6 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : 2 State: 6
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Enter> Processed : SSL_server_hello
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLAdvanceHandshake Exit> State : 8
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake state= 8 Status= -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 5
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 5 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> 00000000: 02 00 00 46 03                                    '...F.'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 5 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Enter len = 3661
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Posting a nti_rcv for 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RcvSetup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> nti_done return 3661 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_RCV> -- 3648 (0x0E40) bytes of 0 --
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Read> Exit, read 3661 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Enter> Message: SSL_certificate
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLCheckCertChain> Invalid certificate chain received
Cert Chain Evaluation Status: err: 3659, Cannot establish trust in a certificate or CRL.
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLSendAlert> Sending an alert of 0x0 level 0x2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSLProcessHandshakeMessage Exit> Message: 11 State: 2 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Changing SSL status from -6986 to -5000 to flush write queue
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -5000
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -5000 to 4176
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Enter
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Enter len = 7
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Xmt> 00000000: 15 03 00 00 02 02 00                              '.......'
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to sync
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Posting a nti_snd for 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptData> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Switching Endpoint to async
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_EncryptDataCleanup> SSL not init exit
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> nti_done return 7 bytes rc = 0
12/07/2013 22:47:16,97 [01E8:0005-0E40] S_Write> Exit, wrote 7 bytes
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> After handshake2 state 2
12/07/2013 22:47:16,97 [01E8:0005-0E40] SSL_Handshake> Exit Status = -6986
12/07/2013 22:47:16,97 [01E8:0005-0E40] int_MapSSLError> Mapping SSL error -6986 to 4163
12/07/2013 22:47:17   Connection interrupted: SSL Error: Bad or missing remote certificate

再次,更多信息。创建了一个交叉证书(实际上是验证者 Go Daddy): 已创建交叉证书 仍然没有运气。我要求管理员也交叉认证对方,它不会受到伤害,并且可能确实是缺失的环节。更多关注。


那也无济于事,创建了交叉证书,但服务器仍然抱怨远程证书。

于是我想:好吧,让我们模仿我为获得个人证书所做的操作。我在我的个人通讯录中创建了一个信任,将该文件复制到服务器上,你瞧,我的网络代理突然开始工作了!!

仍然是一个问题:这是它应该如何工作的?这在哪里记录?如果有的话?

谢谢你的支持!

4

0 回答 0