Deepak Kumar Padhy

Reputation: 4388

cfhttp unable to read data from https sites even after importing the certificate

I have ColdFusion 9 installed on my system.

I need to read data from an SSL-encrypted site (https). I have followed all the steps described in the CF documentation.

That is:

In CMD, it showed "certificate was added successfully"

But it is still showing the same error: "peer not authenticated".

Is there anything more required?

Upvotes: 2

Views: 1458

Answers (2)

Josh B

Reputation: 21

If you are trying to call web services in CF 11 (and maybe 10 but check that yourself), CF expects the web service or any CFHTTP call to use the WebSocket Service and port 8577 in a standard setup. This is because the WebSocket Services have been optimized for web services and CFHTTP also uses WebService Sockets.

I run CF 11 on my IIS server and port 8577 is blocked by a firewall. When I tried to connect, it sends back this error for CFHTTP and web services:

"I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

It would seem like it requires adding custom certificates to the CACERT for JRE, but that is not the solution for me.

There is a simple fix to get this running with IIS (at least IIS) if you do not want to unblock the WebSocket Service and you don't need that performance to run natively. All you have to do is go into the CF Admin dashboard and change the WebSocket Service to "Use Proxy". This will send all calls to the CF WebSocket Service or CFHTTP through IIS as a proxy. Restart the CF Application Server service and it should work just fine. If these directions are not perfect, I apologize, but they will lead you to get it working. See also Using WebSocket with ColdFusion 11.

Upvotes: 2

laurie

Reputation: 1

Although the documentation doesn't specifically mention it, restarting the ColdFusion service is required. If you haven't already, that should be the first thing you try.

Upvotes: 0
