最近在处理winphone8手机推送服务(winphone push notification
),在verisign申请了一个第三方证书,
在linux的nginx服务器上安装了证书,通过检测工具
http://www.digicert.com/help/,
检测到mpns.palm-chat.com这个域名的证书已经正常安装到服务器,服务器开启了https的443端口。
客户端这边的common name
都是保持一致的,由客户端申请到了https链接。服务器端向该https发送数据,具体请求细节如下:
* About to connect() to db3.notify.live.net port 443 (#0)
* Trying 134.170.168.126...
* connected
* Connected to db3.notify.live.net (134.170.168.126) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=*.push.live.net
* start date: 2013-07
* expire date: 2015-07
* subjectAltName: db3.notify.live.net matched
* issuer: DC=com;
* SSL certificate verify ok.
> POST /unthrottledthirdparty/01.00/AQHSlrBYhQvdRJYPLwobcJtaAgAAAAADKwAAAAQUZm52OkJCMjg1QTg1QkZDMkUxREQFBkVVV0UwMQ HTTP/1.1
Host: db3.notify.live.net
Content-Type: text/xml
Accept: application/*
X-NotificationClass: 2
X-WindowsPhone-Target:toast
Content-Length: 220
* upload completely sent off: 220 out of 220 bytes
< HTTP/1.1 403 Forbidden
< Content-Type: text ml
< Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
< Date: Wed, 05 Mar 2014 03:10:19 GMT
< Content-Length: 1233
<
* Connection #0 to host db3.notify.live.net left intact
* Closing connection #0
返回的错误理由如下:
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
< ml>
* Connection #0 to host db3.notify.live.net left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
不知道具体是什么原因导致微软服务器拒绝我们的https请求,请各路高手帮忙。
先谢了!
Alex Huang