小编Pan*_*amo的帖子

我以这种方式将 NGINX 设置为两个 Domino 服务器的负载平衡器：

http {

    upstream www.mydomain.com {
      server 1.1.1.1;
      server 2.2.2.2 backup;
    }

    server {
        listen       80;
        server_name  www.mydomain.com;

        location / {
            proxy_pass http://www.mydomain.com;
        }
    }
}

如果我直接访问 Domino 服务器，响应头是这些：

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Mon, 23 Dec 2013 12:19:36 GMT
Last-Modified: Fri, 20 Dec 2013 08:16:27 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 12713
Cache-control: private
ETag: W/"MTAtODEwRC1DMjI1N0MzRDAwN0M3NTBCLUMyMjU3QzQ3MDAyRDczMzktMC1DTj1QYW51IEhhYXJhbW8vTz1BQUQ="

当我通过 NGINX 访问同一页面时，响应头是这些：

HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Mon, 23 Dec 2013 12:02:29 GMT
Content-Type: text/html; charset=US-ASCII
Connection: …

当我们将 Domino 开发服务器从 8.5.3 升级到 9 时，从 Java 代码到具有GoDaddy证书的站点的 HTTPS 连接停止工作。与具有DigiCert证书的服务器的连接工作正常。这发生在代理和 XPage 中。

这是一个 XPage 示例代码：

<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">
    <xp:this.beforePageLoad>
             <![CDATA[#{javascript:new java.net.URL("https://www.sslshopper.com/").openStream();]]>
    </xp:this.beforePageLoad>
</xp:view>

我也试过UrlConnection。这是例外：

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 3659
    com.ibm.jsse2.o.a(o.java:15)
    com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:460)
    com.ibm.jsse2.kb.a(kb.java:294)
    com.ibm.jsse2.kb.a(kb.java:533)
    com.ibm.jsse2.lb.a(lb.java:55)
    com.ibm.jsse2.lb.a(lb.java:581)
    com.ibm.jsse2.kb.s(kb.java:11)
    com.ibm.jsse2.kb.a(kb.java:394)
    com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:44)
    com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:496)
    com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:528)
    com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:505)
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:83)
    com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1184)
    com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40)
    java.net.URL.openStream(URL.java:1022)

...

java.security.cert.CertificateException: 3659
com.ibm.domino.napi.ssl.DominoX509TrustManager.checkServerTrusted(DominoX509TrustManager.java:98)
    com.ibm.jsse2.lb.a(lb.java:468)
    com.ibm.jsse2.lb.a(lb.java:581)
    com.ibm.jsse2.kb.s(kb.java:11)
    com.ibm.jsse2.kb.a(kb.java:394)
    com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:44)
    com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:496)
    com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:528)
    com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:505)
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:83)
    com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1184)
    com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40)
    java.net.URL.openStream(URL.java:1022)

我根据以下说明将 GoDaddy 证书导入到 domino_path\jvm\lib\security\cacerts 密钥库：

http://drcs.ca/blog/adding-godaddy-intermediate-certificates-to-java-jdk/

但这并没有帮助，我还导入了gd-class2-root.crt 却没有结果。我还尝试重命名 …