LogLevel debug ibm_ssl:trace8
E:/IBM9/HTTPServer/bin/gskcapicmd -cert -list -db E:/IBM9/HTTPServer/ssl/a.kdb -stashed
看是否可以列出證書,如果可以 sth里存儲的密碼是對的,不應該發生IHS錯誤,請收集新的跟蹤來查看,建議先升級測試后如果還有問題再收集
如果上面命令列不出證書,說明sth文件損毀,請執行來重置:
E:/IBM9/HTTPServer/bin/gskcapicmd -keydb E:/IBM9/HTTPServer/ssl/a.kdb -stashpw -db E:/IBM9/HTTPServer/ssl/a.kdb
9.0.5-WS-IHS-ARCHIVE-win-x86_64-FP002 可以直接裝 就跟apache的包一樣
我這是升級 was及IHS到9.0.5.3(需要把9.0.10卸載了再裝)
沒有CMS的處理方法
jre\lib\security\java.security
添加 security.provider.10=com.ibm.security.cmskeystore.CMSProvider
SetEnv ssl-map-mode offload
1. 在 httpd.conf 中設置 LogLevel trace8,默認 LogLevel warn
2. 在 /yonyou/IBM9/HTTPServer/bin/envvars 底部添加下面 6 行
2. 在 /yonyou/IBM9/HTTPServer/bin/envvars 底部添加下面 6 行
GSK_TRACE_FILE=/tmp/gsktrace_log
GSK_TRACE_FILE_SIZE=104857600
GSK_TRACE_FILE_NUMBER=5
export GSK_TRACE_FILE
export GSK_TRACE_FILE_SIZE
export GSK_TRACE_FILE_MUMBER
3. 在 plugin-cfg.xml 中設置 LogLevel="Trace", 默認 LogLevel="Error"
4. 重啟 IHS
5. 運行 tcpdump -s 0 -w /tmp/ihs.out &
6. 發送 HTTPS 請求,重現問題,收集並上傳如下數據
--- 發生問題的 client IP
--- 重現問題所使用的,完整的請求 URL,例如 https://hostname:port/uri
--- 重現問題的時間點, HH:MM
--- httpd.conf, error_log, access_log, /tmp/gsktrace_log
--- IHS 的 key.kdb, key.sth 以及密碼
--- /tmp/ihs.out
--- plugin-cfg.xml, http_plugin.log
--- plugin 的 plugin-key.kdb, plugin-key.sth 以及密碼,文件路徑在 plugin-cfg.xml 中
3. 在 plugin-cfg.xml 中設置 LogLevel="Trace", 默認 LogLevel="Error"
4. 重啟 IHS
5. 運行 tcpdump -s 0 -w /tmp/ihs.out &
6. 發送 HTTPS 請求,重現問題,收集並上傳如下數據
--- 發生問題的 client IP
--- 重現問題所使用的,完整的請求 URL,例如 https://hostname:port/uri
--- 重現問題的時間點, HH:MM
--- httpd.conf, error_log, access_log, /tmp/gsktrace_log
--- IHS 的 key.kdb, key.sth 以及密碼
--- /tmp/ihs.out
--- plugin-cfg.xml, http_plugin.log
--- plugin 的 plugin-key.kdb, plugin-key.sth 以及密碼,文件路徑在 plugin-cfg.xml 中
http轉https
RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteCond %{SERVER_NAME} =test.w.com [OR]
RewriteCond %{SERVER_NAME} =123.123.123.123
RewriteCond %{SERVER_NAME} =w.com
RewriteRule ^(.*) https://test.w.com%{REQUEST_URI} [R,L]
高級用法 (可選)
RewriteEngine on
# 強制HTTPS
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80
# 某些頁面強制
RewriteCond %{REQUEST_URI} ^something_secure [OR]
RewriteCond %{REQUEST_URI} ^something_else_secure
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# 強制HTTP
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{SERVER_PORT} 443
# 某些頁面強制
RewriteCond %{REQUEST_URI} ^something_public [OR]
RewriteCond %{REQUEST_URI} ^something_else_public
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
https://blog.mimvp.com/article/20403.html
8.5.5was 遇到的問題
<Config ASDisableNagle="false" ...
UseInsecure="true"
>
解決如下報錯
1 - ERROR: ws_common: websphereFindTransport: Nosecure transports available.
[18/Sep/2013:17:03:19.96759] 00000ad9 73df2700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
[18/Sep/2013:17:03:19.96761] 00000ad9 73df2700 - ERROR: ESI: getResponse: failed to get response: rc = 4
[18/Sep/2013:17:03:19.96762] 00000ad9 73df2700 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
2 - ws_common: websphereUriMatch: Fails to find a match sometimes, but does other times.
[18/Sep/2013:17:03:19.96759] 00000ad9 73df2700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
[18/Sep/2013:17:03:19.96761] 00000ad9 73df2700 - ERROR: ESI: getResponse: failed to get response: rc = 4
[18/Sep/2013:17:03:19.96762] 00000ad9 73df2700 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
2 - ws_common: websphereUriMatch: Fails to find a match sometimes, but does other times.