Reputation: 293
I've tried to import the certificate from First Data into my ColdFusion 9 setup using keytool like so:
keytool -importcert -keystore MYCF9Dir\runtime\jre\lib\security\cacerts -trustcacerts -alias firstdata -file FirstData.pem
The import seems to work; however, when I access the WSDL via any ColdFusion function or tag, it throws an "I/O Exception: Received fatal alert: handshake_failure", which tells me it can't access the site with the certificates that it has, or can't find it.
So, am I importing the certificate correctly? And if I am, how else can I access this WSDL with ColdFusion?
Upvotes: 3
Views: 1771
Reputation: 95
I had a similar issue and, just in case someone is facing the same issue, this is how I solved mine. I had a .pem file, and this was showing it had imported successfully into the cacerts keystore within ColdFusion, but the remote API (server) I was trying to hit was not recognising the certificate for some reason. So I first of all converted the .pem certificate into a PKCS12 format file using OpenSSL - this link helped: http://cc.in2p3.fr/docenligne/84/en#0.4 (at the bottom). I then used the CFHTTP CF tag like below:
<cfhttp
url="https://urlToAPI"
method="POST"
clientCert="path to the file (.p12)"
clientCertPassword="password"
result="result">
This did it for me. I hope it helps someone.
Upvotes: 0
Reputation: 2061
I had the same issue when I was integrating with Java. I'm not sure what you would do in ColdFusion, but I imagine this can point you in the right direction.
To avoid the issue, you would need to create an SSLContext and present it to the First Data server manually before you can do anything else.
In Java this is what I did:
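import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;
// The file is PKCS#12, so request that type explicitly instead of the JRE default
KeyStore ksjks = KeyStore.getInstance("PKCS12");
ksjks.load(new FileInputStream("/path/to/your/p12/file"),"password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ksjks, "password".toCharArray());
// "TLS" rather than "SSLv3": SSLv3 is insecure and disabled by default in current JREs
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();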
And you would use this context in your client as follows:
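import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
// Attach the socket factory so this connection presents the client certificate
URL url = new URL("serverUrl");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
urlConn.setSSLSocketFactory(sslSocketFactory);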
Hope that helps you. Peace!
Upvotes: 0
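An added diagnostic, not code from any of the posts: keytool -importcert stores a certificate-only trustedCertEntry, while the clientCert attribute and the KeyManagerFactory code in the two answers above need an entry that holds a private key, and this check shows which kind a given store contains. The class name KeystoreEntryCheck, the default path (the running JRE's own cacerts) and the stock password "changeit" are assumptions; it needs Java 9 or later for KeyStore.getInstance(File, char[]).

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;

public class KeystoreEntryCheck {
    // Returns how many entries hold a private key plus certificate chain,
    // i.e. entries a KeyManager can present as a TLS client certificate.
    static int countClientAuthEntries(KeyStore ks) throws Exception {
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                keyEntries++;
                System.out.println("PrivateKeyEntry  " + alias);
            }
        }
        return keyEntries;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JRE's cacerts and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // Java 9+: the store type (JKS or PKCS#12) is detected from the file.
        KeyStore ks = KeyStore.getInstance(new File(path), password);
        int withKey = countClientAuthEntries(ks);
        int trustOnly = ks.size() - withKey;

        System.out.println(path);
        System.out.println("  trusted-certificate entries: " + trustOnly
                + " (used only to verify the server)");
        System.out.println("  private-key entries:         " + withKey
                + " (can be presented as a client certificate)");
        if (withKey == 0) {
            System.out.println("  This store cannot answer a server's "
                    + "client-certificate request.");
        }
    }
}
```

Run it with no arguments to inspect cacerts, or pass the .p12 path and its password to confirm that the converted file carries the private key.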
Reputation: 1076
Have you considered using the .crt file instead of the .pem file? I just used
keytool -importcert -keystore C:\Coldfusion9\runtime\jre\lib\security\cacerts -trustcacerts -alias myserver -file myserver.crt
And now it works just fine.
Hope this helps.
Upvotes: 0