
From a WCF client, I can send requests to a DataPower service just fine. When the DataPower tries to send a response, they get the following error:

11:41:55 ssl error 224703 0x806000ca valcred (xx.xxxxxx.xx.xx_xxx): SSL Proxy Profile 'xx.xxxxxx.xx.xx_sslpp': connection error: peer did not send a certificate

On the client and server, we have matching certificates and I have that certificate bound to the appropriate port as well as a "SetCertificate" call attaching the certificate to the client. I'm seeing no response traffic at all on the server side via trace logs. The folks on the DataPower/client side say the service is not presenting the certificate after handshaking, but I have no visibility to that.

Any suggestions would be greatly appreciated.


1 Answer


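I have been facing this issue all the time; I am a DataPower and Java web services developer.

This scenario assumes DataPower is acting as the server.

  1. When DataPower logs that the peer did not send a certificate, it means WCF is not sending over the wire the public certificate that it shared with DataPower.
  2. This can be confirmed by turning on packet capture in DataPower.
  3. Many times people start changing the public certificates; I would recommend not doing that and instead focusing on understanding why the client is not seeing any issue.
  4. Where the client is Java, the keystore in the client needs to contain the client public key and the DataPower public key in the truststore.

keytool command to put the server certificate into the keystore cacerts.jks: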

keytool -import -v -trustcacerts -alias mykey -keypass changeit -file mykey.cer -keystore cacerts.jks -storepass changeit
answered 2012-12-04T22:23:22.800
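
An added example, not part of the answer above: one way to read the packet capture it recommends is to look at the client's Certificate handshake message, which in TLS 1.0 to 1.2 arrives with an empty list when the client was asked for a certificate but had none it could offer. This sketch assumes the capture has already been reassembled into the client-to-server byte stream; the function name, helper names and sample flows are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE = 22, 20, 11

def client_certificate_status(stream: bytes) -> str:
    """Classify the Certificate message in a client-to-server TLS 1.0-1.2 stream."""
    handshake, pos = b"", 0
    while pos + 5 <= len(stream):                  # walk the TLS records
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == CHANGE_CIPHER_SPEC:
            break                                  # later records are encrypted
        if ctype == HANDSHAKE:                     # messages may span records
            handshake += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(handshake):               # walk the handshake messages
        mtype = handshake[pos]
        mlen = int.from_bytes(handshake[pos + 1:pos + 4], "big")
        body = handshake[pos + 4:pos + 4 + mlen]
        pos += 4 + mlen
        if mtype != CERTIFICATE:
            continue
        if len(body) < 3:
            return "malformed"
        list_len = int.from_bytes(body[:3], "big")
        if list_len == 0:
            return "empty"                         # requested, but nothing offered
        count, off = 0, 3
        while off + 3 <= min(len(body), 3 + list_len):
            off += 3 + int.from_bytes(body[off:off + 3], "big")
            count += 1
        return f"sent:{count}"
    return "absent"                                # no Certificate message at all

# Constructed sample flows (placeholder bodies, not real captures).
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

HELLO, KEYEX = msg(1, b"\x00" * 8), msg(16, b"\x00" * 8)
TAIL = rec(CHANGE_CIPHER_SPEC, b"\x01") + rec(HANDSHAKE, b"\xaa" * 16)
ONE_CERT = b"\x00\x00\x07" + b"\x00\x00\x04" + b"\x30\x82\x00\x00"
EMPTY_FLOW = rec(HANDSHAKE, HELLO) + rec(HANDSHAKE, msg(11, b"\x00\x00\x00") + KEYEX) + TAIL
SENT_FLOW = rec(HANDSHAKE, HELLO) + rec(HANDSHAKE, msg(11, ONE_CERT) + KEYEX) + TAIL
ABSENT_FLOW = rec(HANDSHAKE, HELLO) + rec(HANDSHAKE, KEYEX) + TAIL
```

A result of `empty` matches the "peer did not send a certificate" log line and points at certificate selection on the client (private key access, or an issuer the server did not list), while `absent` means the client never reached that step in the cleartext handshake.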