ColdFusion 10 HTTP SSL

Question

I'm running a site and several sub domains on ColdFuson 10 Standard, we have just upgraded from ColdFusion 9 where everything was working fine.

The sites have a wildcard ssl certificate installed so all the sub domains are secured. I'm making http calls between the sites but getting the I/O Exception: peer not authenticated error.

Charset [empty string]
ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Header  [empty string]
Mimetype    Unable to determine MIME type of file.
Responseheader    struct [empty]
Statuscode  Connection Failure. Status code unavailable.
Text    YES

I've installed the certificate in the correct key store and verified it's there using keytool -listand restarted, but still get the authentication error.

I know this is a common problem and is usually fixed by installing the certificate and there are workarounds for ColdFusion Enterprise but I'm struggling to get this working on Standard. Any suggestions?

Answer 1

After many days of investigation I came across this blog post which leads to bug report #3598342.

It turns out to be an issue on Windows 2012 servers running IIS 8. There is an option on the site binding to 'Require Server Name Indication' or 'SNI'. Turning this option off allows cfhttp to connect via https.

It turns out this is an issue with the HttpClient library and has been fixed in builds 288845, 288846 and 290605. Which doesn't really help as the last update 13 only gives me build 287689.

Answer 2

This could be an issue I have run across where I had to import the secure server certificate into coldfusion before it would allow me to connect.

http://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html

Import Certificate for ColdFusion10

Hope that helps. I know it helped me!