LogLevel debug ibm_ssl:trace8
E:/IBM9/HTTPServer/bin/gskcapicmd -cert -list -db E:/IBM9/HTTPServer/ssl/a.kdb -stashed
看是否可以列出证书,如果可以 sth里存储的密码是对的,不应该发生IHS错误,请收集新的跟踪来查看,建议先升级测试后如果还有问题再收集
如果上面命令列不出证书,说明sth文件损毁,请执行来重置:
E:/IBM9/HTTPServer/bin/gskcapicmd -keydb E:/IBM9/HTTPServer/ssl/a.kdb -stashpw -db E:/IBM9/HTTPServer/ssl/a.kdb
9.0.5-WS-IHS-ARCHIVE-win-x86_64-FP002 可以直接装 就跟apache的包一样
我这是升级 was及IHS到9.0.5.3(需要把9.0.10卸载了再装)
没有CMS的处理方法
jre\lib\security\java.security
添加 security.provider.10=com.ibm.security.cmskeystore.CMSProvider
SetEnv ssl-map-mode offload
1. 在 httpd.conf 中设置 LogLevel trace8,默认 LogLevel warn
2. 在 /yonyou/IBM9/HTTPServer/bin/envvars 底部添加下面 6 行
2. 在 /yonyou/IBM9/HTTPServer/bin/envvars 底部添加下面 6 行
GSK_TRACE_FILE=/tmp/gsktrace_log
GSK_TRACE_FILE_SIZE=104857600
GSK_TRACE_FILE_NUMBER=5
export GSK_TRACE_FILE
export GSK_TRACE_FILE_SIZE
export GSK_TRACE_FILE_MUMBER
3. 在 plugin-cfg.xml 中设置 LogLevel="Trace", 默认 LogLevel="Error"
4. 重启 IHS
5. 运行 tcpdump -s 0 -w /tmp/ihs.out &
6. 发送 HTTPS 请求,重现问题,收集并上传如下数据
--- 发生问题的 client IP
--- 重现问题所使用的,完整的请求 URL,例如 https://hostname:port/uri
--- 重现问题的时间点, HH:MM
--- httpd.conf, error_log, access_log, /tmp/gsktrace_log
--- IHS 的 key.kdb, key.sth 以及密码
--- /tmp/ihs.out
--- plugin-cfg.xml, http_plugin.log
--- plugin 的 plugin-key.kdb, plugin-key.sth 以及密码,文件路径在 plugin-cfg.xml 中
3. 在 plugin-cfg.xml 中设置 LogLevel="Trace", 默认 LogLevel="Error"
4. 重启 IHS
5. 运行 tcpdump -s 0 -w /tmp/ihs.out &
6. 发送 HTTPS 请求,重现问题,收集并上传如下数据
--- 发生问题的 client IP
--- 重现问题所使用的,完整的请求 URL,例如 https://hostname:port/uri
--- 重现问题的时间点, HH:MM
--- httpd.conf, error_log, access_log, /tmp/gsktrace_log
--- IHS 的 key.kdb, key.sth 以及密码
--- /tmp/ihs.out
--- plugin-cfg.xml, http_plugin.log
--- plugin 的 plugin-key.kdb, plugin-key.sth 以及密码,文件路径在 plugin-cfg.xml 中
http转https
RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteCond %{SERVER_NAME} =test.w.com [OR]
RewriteCond %{SERVER_NAME} =123.123.123.123
RewriteCond %{SERVER_NAME} =w.com
RewriteRule ^(.*) https://test.w.com%{REQUEST_URI} [R,L]
高级用法 (可选)
RewriteEngine on
# 强制HTTPS
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80
# 某些页面强制
RewriteCond %{REQUEST_URI} ^something_secure [OR]
RewriteCond %{REQUEST_URI} ^something_else_secure
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# 强制HTTP
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{SERVER_PORT} 443
# 某些页面强制
RewriteCond %{REQUEST_URI} ^something_public [OR]
RewriteCond %{REQUEST_URI} ^something_else_public
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] https://blog.mimvp.com/article/20403.html
8.5.5was 遇到的问题
<Config ASDisableNagle="false" ... UseInsecure="true">
解决如下报错
1 - ERROR: ws_common: websphereFindTransport: Nosecure transports available.
[18/Sep/2013:17:03:19.96759] 00000ad9 73df2700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
[18/Sep/2013:17:03:19.96761] 00000ad9 73df2700 - ERROR: ESI: getResponse: failed to get response: rc = 4
[18/Sep/2013:17:03:19.96762] 00000ad9 73df2700 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
2 - ws_common: websphereUriMatch: Fails to find a match sometimes, but does other times.
[18/Sep/2013:17:03:19.96759] 00000ad9 73df2700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
[18/Sep/2013:17:03:19.96761] 00000ad9 73df2700 - ERROR: ESI: getResponse: failed to get response: rc = 4
[18/Sep/2013:17:03:19.96762] 00000ad9 73df2700 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
2 - ws_common: websphereUriMatch: Fails to find a match sometimes, but does other times.
