SSL错误而在IBM MobileFirst适配器使用内部CA

Question

环境：

1. WebSphere平台8.5.5.0 [BASE 8.5.5.0 gm1319.01]与工序名称Node01Cell \ NODE01 \ server1的运行和进程id 9392
2. 主机操作系统是Windows Server 2012中，6.2版本
3. Java版本1.6.0 =，Java编译器= j9jit26，Java虚拟机的名称= IBM J9 VM
4. IBM MobileFirst 6.3.0.00.20141127- 1357

HTTP适配器用于连接通过内部CA发出的HTTPS的WebService。

为了访问Webserivce内部根CA & Webserivce根据以下步骤，在WAS中手动添加公共证书。

SSL证书和密钥管理>密钥库和证书> 节点默认>签署者证书>添加>输入别名 名称&文件路径。

但相同的是通过失败，提示以下错误：从端口检索。

ErrorReceived fatal alert: handshake_failure 

然而，我在

$核实了内部CA & Web服务端点证书可{} CONFIG_ROOT /cells/Node01Cell/nodes/Node01/trust.p12

那些在MFP default.keystore中也添加了相同的证书，并启用了worklight.properties文件中的密钥库。

虽然上面的配置似乎没问题，但是当适配器的请求发送到webservice时，会记录下面的错误。

[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, setSoTimeout(120000) called 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O 
Is initial handshake: true 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O %% No cached client session 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O *** ClientHello, TLSv1 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O RandomCookie: GMT: 1473400159 bytes = { 246, 214, 135, 72, 132, 51, 89, 33, 32, 31, 239, 155, 210, 120, 83, 221, 214, 84, 136, 207, 132, 51, 172, 126, 33, 192, 150, 43 } 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O Session ID: {} 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST] 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O Compression Methods: { 0 } 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O *** 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O [write] MD5 and SHA1 hashes: len = 81 

[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, WRITE: TLSv1 Handshake, length = 81 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O [Raw write]: length = 86 

[3/22/17 14:09:35:744 ] 000000ae SystemOut  O [Raw read]: length = 5 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O 0000: 15 03 01 00 02          ..... 

[3/22/17 14:09:35:744 ] 000000ae SystemOut  O [Raw read]: length = 2 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O 0000: 02 28            .. 

[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, READ: TLSv1 Alert, length = 2 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, RECV TLSv1 ALERT: fatal, handshake_failure 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, called closeSocket() 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, called close() 
[3/22/17 14:09:35:744 ] 000000ae SystemOut  O WebContainer : 4, called closeInternal(true) 
[3/22/17 14:09:35:744 ] 000000ae DataAccessSer E logError FWLSE0099E: An error occurred while invoking procedure [project mobile]SampleAdapter/HttpRequestFWLSE0100E: parameters: [project mobile] 
Http request failed: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
FWLSE0101E: Caused by: [project mobile]javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failurejava.lang.RuntimeException: Http request failed: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at com.worklight.adapters.http.HTTPConnectionManager.execute(HTTPConnectionManager.java:236) 
    at com.worklight.adapters.http.HttpClientContext.doExecute(HttpClientContext.java:185) 
    at com.worklight.adapters.http.HttpClientContext.execute(HttpClientContext.java:169) 
    at com.worklight.adapters.http.HTTP.execRequest(HTTP.java:145) 
    at com.worklight.adapters.http.HTTP.invoke(HTTP.java:134) 

Webserivce URL是从浏览器访问，在绿色，没有错误或警告显示SSL锁显示器。

Answer 1

应用最新的iFix为IBM MobileFirst Platform Foundation (6.3.0.0)

这是因为它包含了APAR PI42320修复应该解决的问题。