November 6, 2024

Pages


Search Site


Topics


Links


Archives

ColdFusion, CFHTTP with SSL and the dreaded Peer Not Authenticated error

September 17 2012 by Marc Funaro

Fought this for a couple days, posting to help others.

If you're using CFHTTP to make a call to a secured (HTTPS) host, you may get an error in response... "Peer Not Authenticated".

If you google this, you should discover that: ?You probably need to import the entire certificate chain of the host you're attempting to reach, and that you need to use the KEYTOOL command line app to do this. ?This information appears in the Adobe knowledge base.

However, what may be unclear:

  1. How to get the certificates onto your system;
  2. How and where to import them
  3. The fact that there are TWO places you need to do this.
Getting the certificates onto your system is the easiest part. ?For simplicity I've described how to do this using Internet Explorer.
  1. Enter the URL of the host you are attempting to reach, into the browser's address bar;
  2. Verify the certificate for the host is valid and not expired;
  3. Click the lock icon next to the address bar;
  4. Click the Certification Path tab. ?THIS SHOWS YOU THE ENTIRE CERTIFICATE PATH... to ensure this works, you'll be saving EACH of the listed certifcates to your system. ?Make note of the lowest certificate's name, you'll need this in a moment. ?When you go to the Details tab, you'll be first working with the LOWEST certificate in the chain;
  5. Import the certificate by clicking the Details tab; click the Copy To File... button.
  6. Save it in DER format, and give it a name similar to the name that showed for this lowest certificate on the Certification Path tab, and save it to your hard drive where you can find it later.
  7. Next, go back to the Certification Path tab, and find THE NEXT CERTIFICATE UP from the one you just saved. ?Make note of it's name, then double-click it.
  8. Repeat steps 5-7 for this and each certificate in the chain.

Now you should have one or more certificates saved to your hard drive. ?The next step is to import them into the storage area used by ColdFusion to trust remote secure hosts. ?This SHOULD be easy, however, two factors come into play: ?Which Java runtime ColdFusion is using, and which file(s) are used for the storage area.

In my case, I spent time importing three certificates into all the CASTORE files on my entire C:\ drive, after trying in vain to use the one noted in the adobe article. ?I later discovered that yes, the CASTORE file I needed was the one in the subdirectory of the JAVA HOME path that appears in ColdFusion admin's settings summary. ?This helped, but still wasn't the whole story.

I later learned in a TEENY TINY TIDBIT inside another person's comment on an obscure blog post that you also should import the certificate(s) into the file named TRUSTSTORE. ?In my case, the only relevant TRUSTSTORE file was found in C:\JRun4\lib.

To top it off, after you import to the correct CACERTS and TRUSTSTORE files, you need to restart CF in order for the new certs to be recognized.

Lastly, I got really sick and tired of using the command line interface... so I downloaded the free?KeyStore Explorer 4.1.1 ?from this website:

http://www.lazgosoftware.com/kse/downloads.html

Which made opening and viewing the storage area files, and properly importing the certificates, much much easier.

If when using KeyStore explorer you get an alert saying the certificate could not be trusted during import, just proceed to view it in that app (it will show it to you automatically) and then respond "OK" when asked if you're sure.

Hope this saves someone else some trouble.

Posted in ColdFusion | 0 comments

ColdFusion 8 JRUN instance, Eclipse, and RDS

January 25 2012 by Marc Funaro

Never got around to configuring RDS in Eclipse... today I decided to figure it out for my local Eclipse, against my office dev server. ?Here are my findings.

Read more...

Posted in ColdFusion |

Droid speakerphone issue

January 25 2010 by Marc Funaro

I just confirmed a bug today with my motorola droid, android version 2.0.1.? Placed a call today, and turned on speakerphone.? Call recipient could not hear me talking.? Turned speakerphone off, and it worked fine.? A complete power-off of the Droid (press and hold power button, and choose Power Off) and then turning it back on fixed the problem.

Hope this helps someone else without going crazy trying different things -- and let's hope an update comes down the line soon that fixes this issue with the software!

Read more...

Posted in Droid |

New Droid Rocks; How-To for iTunes users

January 17 2010 by Marc Funaro

The Droid... one of the most useful new devices in my life.

Read about how to sync iTunes/playlists to droid, how to sync Outlook to Droid, and my overall impressions on this cool gadget.

Read more...

Posted in Droid |

Documentation is Key

July 24 2009 by Marc Funaro

Yeah, it's obvious to say, but after this week's experiences, it needs to be said again.

Read more...

Posted in ColdFusion |