ColdFusion, CFHTTP with SSL and the dreaded Peer Not Authenticated error
September 17 2012 by Marc Funaro
Fought this for a couple days, posting to help others.
If you're using CFHTTP to make a call to a secured (HTTPS) host, you may get an error in response... "Peer Not Authenticated".
If you google this, you should discover that you probably need to import the entire certificate chain of the host you're attempting to reach, and that you need to use the KEYTOOL command line app to do this. This information appears in the Adobe knowledge base.
However, what may be unclear:
- How to get the certificates onto your system;
- How and where to import them;
- The fact that there are TWO places you need to do this.
1. Enter the URL of the host you are attempting to reach into the browser's address bar;
2. Verify the certificate for the host is valid and not expired;
3. Click the lock icon next to the address bar;
4. Click the Certification Path tab. THIS SHOWS YOU THE ENTIRE CERTIFICATE PATH... to ensure this works, you'll be saving EACH of the listed certificates to your system. Make note of the lowest certificate's name, you'll need this in a moment. When you go to the Details tab, you'll first be working with the LOWEST certificate in the chain;
5. Export the certificate: click the Details tab, then click the Copy To File... button.
6. Save it in DER format, give it a name similar to the name that showed for this lowest certificate on the Certification Path tab, and save it to your hard drive where you can find it later.
7. Next, go back to the Certification Path tab, and find THE NEXT CERTIFICATE UP from the one you just saved. Make note of its name, then double-click it.
8. Repeat steps 5-7 for this and each certificate in the chain.
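The same export can be scripted instead of clicked through. The following is an added example, not part of the original post: it splits the text output of `openssl s_client -showcerts` into one DER file per certificate (lowest certificate first) and reports a SHA-256 fingerprint for each, so the file can be checked against a trusted source before it is imported. The sample chain, the file names and the `KEYSTORE_PATH` placeholder are constructed assumptions.

```python
import hashlib
import re
import ssl
from pathlib import Path

# Matches every PEM certificate block, ignoring the text s_client prints around it.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)

def split_chain(showcerts_text):
    """Return [(der_bytes, sha256_hex), ...] in the order the server sent them."""
    chain = []
    for pem in PEM_BLOCK.findall(showcerts_text):
        der = ssl.PEM_cert_to_DER_cert(pem)
        chain.append((der, hashlib.sha256(der).hexdigest()))
    return chain

def export_chain(showcerts_text, out_dir, prefix="host", keystore="KEYSTORE_PATH"):
    """Write <prefix>-<n>.der files; return (path, fingerprint, keytool command)."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    results = []
    for n, (der, digest) in enumerate(split_chain(showcerts_text)):
        path = out / f"{prefix}-{n}.der"
        path.write_bytes(der)
        # KEYSTORE_PATH is a placeholder: substitute the keystore you are importing into.
        cmd = (f"keytool -importcert -alias {prefix}-{n} "
               f"-file {path} -keystore {keystore}")
        results.append((path, digest, cmd))
    return results

# Constructed sample: placeholder bytes wrapped as PEM, laid out like s_client output.
SAMPLE = (
    "Certificate chain\n 0 s:(constructed leaf)\n"
    + ssl.DER_cert_to_PEM_cert(b"constructed-leaf-certificate-bytes")
    + " 1 s:(constructed intermediate)\n"
    + ssl.DER_cert_to_PEM_cert(b"constructed-intermediate-certificate-bytes")
    + "---\nServer certificate\n"
)

if __name__ == "__main__":
    for path, digest, cmd in export_chain(SAMPLE, "exported-certs"):
        print(path, digest)
        print("  ", cmd)
```

Servers usually do not send the root certificate, so the top of the chain may still have to be saved from the browser as in the steps above.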