有关创建Https加密的webservice使用者的方法

1、creating a self signed certificate in domino此配置的应用场景：中石化烁销公司的crm系统提供了一个经https加密的wcbservicc的地址，在创建 webservice使用者后，用ls调用该接口的时候报如下错误：代理的agtgetcustomerlnfo函数的第25行中，出现错误4746：web service z0a_qjst0.mer_inf0mn28 error error connecting to crm. lyxs. s ， on port 443， ssl error: keyring file not found该问题的解决步骤如

2、下：步碟一：在对应的服务器用domino certficate authority模板在domino根录卜创建数据序。修 改权限及签名，另default的权限应可以创建文档。确定取消指定新应用程序的名称和位s 服夯器 6) oauat/lyxs 标題 ft) dminoauthority艾件名 op) author i ty| nsf创逮全文索引以便逬行捜索(c)为銪应用程序指定极板 服务器00模板cl)design synopsisdomino administrator (9.01)domino certificate authoritydomino configuration tuner

3、 eclipse update sit«9) feed contenthealth monitoring (9) issued c«rtificat«s list local document cache文件名 00 ccaso.ntf关子示惠级根板圉绀承以后的设计更改a)步骤二：xtr create certificate authority key ring在notes端打开新创建的数据痺authority.nsf, & certificatecertificateauthoritycertificate authority setup1. creat

4、e certificate authority key ring & certificatecertificateauthoritylonfiguratiori configure c«rh<k«u authority profile3. create server key ring & certificateservercertificaterequestsclientcertrficat*requestsclientregistrationrequestsviewcertificate authoritykey ring填写表单内容，common

5、name为服务器名；organization为组织名填写完后点击authority鯽会在本地notes的data r录f创建cakey.kyr,将其拷贝至服务器的data目录下。create certificate authority key ringthis fomyou create the ctrtificat* authority kty nn(key kinc inforaationk*y rin< file cakty. kyr j namekiy rin(r*jptsswordptssword verifyr*jor(«nization; lyxx jorctni

6、 zationtlj (option<l)unitcity or locdlity ; j (optional)s;ate or province jiansul) (no abbrevi &tions) country; cm j (two character country code)quick helpspecify th« file n«m« <nd password for the key rincprovides your unique identity 亀s t c«rlifictt« authority. t

7、his is lh< information that will display as th« issuer* in c«rti ficates that ycu sincreate certificate authority key ring i步驟四：.dozw/voserver certificateadministrationcrmtt <key rmqacedifktetcertificate intrylabeltrusted root key 纛<i& l«&uviewtedhk«y mnqiccrthic

8、att requestlogkeypalrnoc anoles<jatasertcert kyrc«rti fi call on antkori tiesbaltimore cybertrust root cayescanotesd3taseltcertkyrentrust wap cay«sc:viotesdatasellcertkyrbaltimore cytertrust mobile cayesc viotesdatasellcert kyrverisign class 3 public pnma7 certification authorityyescano

9、tesmjatavsettcertkyrverisign class 2 public pnma7 certification authorityyescv)otesdatasehcertkyrverisign class 1 pu wic pnma certification authorityyesc arolesvjatavseilcerl kyrvorisign class 1 public prtma7 certflcation authorityyesclnotesvjataxsertcerlkyrvdnsign class 2 public primay cerlrficabon

10、 authorityyescanotesdatasettcerlkyrverisign class 4 public pnmav certification authorityyescanolesvjatavsellcert kyrvensign class 3 public pnmai certiflcaaon authorityy«scanotesdatasel(certkyrentrust 2048diicac viot«sdau8eilcert kyrentrust global client caytsc anolesdatasertcert kyrentrust

11、 gssl cayescvioteskjataxsertcertkyreiibubl sslcayfebc.viutebvldtdvbellueflkytentrust client cayescarotesdatasertcertkyrverisign class 2 public pnmry certification authorityy«scanot«sdausertcertkyrverisign class 4 public pnmay certficabon authorityy«scv)otesdatasencertkyrvftnsign class

12、 1 public pnma certification authorityyescviolesvjauvsellcerlkytvdrislgn class 3 public primary certflcation authorityyescotesdatasettcerlkyt在 notes 端打开 server certificate admin 数据库，点市”view and edit keyrhngs”，点市 “select key ring to display” “，输入刚才保存的cakey的路径，点击确定，输入刚才配罝的cakey的密码。步驟五:点击 create key ri

13、ng with self-certified certificatedo/w/voserver certificateadministrationcreate key rings & certificatesview & editkey ringsclick on the steps bdow to create an ssl key ring and populate it with certificates.1. create k«y ring2. create certafkate request3. in&tau trusted root certii

14、>cat« into key ring4. in&tatt certificate into key ringviewcertificate requestlogyou can also quickly create a key ringwith a se«<ertified certificate for testing purposes.create key rang with self-certified certificate填写表单内容，common name应为对应的服务器域名 organization应为组织名点击 create key r

15、ing with self-certified certificateth« dxstin(uishtd nt»« is the information about your si te that vkllin mtycertificates youhole： make sur« th« comon ntm« batches the url of your sit*. so«« brovstrs check the common nene and the si t« url, and do not all

16、ow a connection if they don t atlck.create key ring rith self-certified certificatekey kia< iaforoationk<y rin< fil«k*yfil*. kyrnimtk<y faszwrd r* j ptxxword verify： r*»*»*jtkis £or» l«ts you easily cr«tt« t kty ri&c with « s«lfmc

17、1;rtafi«d c«rtifxcat* for t«stinc purposes. th« resulting key ring is ready for use with ssl, but is not appropriate for 亀 product!on internet or intranet si te due to the eerti fieate bexnc sieved by yourself instead of < ctrtificatt authority.quick helpspecify tk« n

18、1;i< and password for tht k«y rin( £iumole： you'll bt r«f«rrin< to th« kty rxn< xnforattxon you ent«r here i£ you install additional trusted root c«rtx£ictt«s into the key rinc l«t«r.coh»on n«a«oautt. lyxs. sinop

19、tc. comor(«ni zationlyxsoranizational r j (optional)uritcity or locality (optiontl)st«t« or province ; ji tncxu j (no tbbrtvi ttions) ccuntry' cfjj (two chtrtcl«r country cod*)crtttt ky rin( with s»lf-ctrtified c«rtxfictl«点击按钮后，在本地notes的data目录下生成2个文件data/keyfil

20、e.kyrdata/keyfile.sth将这2个文件拷贝至服务器的data目录下步骤八：打开administrator,打开服务器文档，要启用ssl的443端口。接收ssl站点验证字tatvnote基本|安全性|破口 |服夯器任夯| internet协说. | »u . |杂项|奉*记录|共車越件| daos | lotus trmur |管理 mottx刚搞口 | internet摘口|代理|sslss-密祖文件名ktyfilt. kyr jss-协设飯本调于隊http以外 的祈有协论）：司协商的j cd榷费ssl坫疰給证字：嚴t否榷费勃期的ssl始证字汉是广否ss-加密法：rc4加密（128 fes钮和助5 iac）rc4加密（128位密钼和