Important for MM Folks concerning SSL Certificates and ColdFusion MX
Author: Elliott Kayne
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#272147
----- Excess quoted text cut - see Original Post for more -----
>
>
> Here's what to do if you're having SSL com problems:
>
----- Excess quoted text cut - see Original Post for more -----
>
>
> keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
>
>
>
> * Default password is "changeit" or "change it"
> * Upon successful import restart CFMX and now CFHTTP and CFLDAP over
> SSL will work with that particular site
>
I cannot get this to work; when I run it from that dir I get file not found. If
I copy the keytool to the security dir I get a Java error. Please contact me at
570-686-2300 or support@onlinecorp.com to help.
Author: Matt Robertson
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#229953
This is probably unnecessary to ask, but just in case: You folks who can't
connect are using the proper port specification on your cfhttp call, yes? As in
using the cfhttp port parameter and specifying the url as just a plain "https://domain.com/page.cfm"?
--Matt Robertson--
Janitor, MSB Web Systems
http://mysecretbase.com
Author: Steven Erat
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#229870
Regarding the need for documentation on using SSL with LDAP:
ColdFusion TechNote
Configuring Secure SSL Connection with LDAP Directory Server
http://www.macromedia.com/go/tn_19139
Regarding using SSL with CFHTTP:
http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool
The CFHTTP, CFLDAP, and CFINVOKE tags (and createObject type webservice) in
ColdFusion MX 6/7/7.01 only support the common SSL v2 protocol and do not
support the uncommon SSL v3 protocol where a client certificate is required
in addition to a server certificate.
--
Steven Erat
http://www.talkingtree.com/blog/
--
----- Excess quoted text cut - see Original Post for more -----
Author: Mark McDonald
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#229842
So I am new to this forum... found you trying to solve a problem... I seem to be
having the same problem as described in these posts included below... can't get
CFHTTP to work on an SSL site. I keep getting a Connection Failure.
Since I don't host my site and will have to work through my hosting service to
get them to implement this solution, I wanted to check if the recommended
solution here was still current since these posts are a few years old.
Any suggestions on how to solve this without having to get my hosting service
involved or is there a more current solution??
Thanks Mark
----- Excess quoted text cut - see Original Post for more -----
>
>
> Here's what to do if you're having SSL com problems:
>
----- Excess quoted text cut - see Original Post for more -----
>
>
> keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
>
>
>
> * Default password is "changeit" or "change it"
> * Upon successful import restart CFMX and now CFHTTP and CFLDAP over
> SSL will work with that particular site
Author: Stacy Young
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#72019
NO I believe it's only for specific instances...in my case, whenever I
browse an internal site in development or QA using SSL I get prompted to
explicitly say whether or not I trust the site (Sorry I don't have the
technical explanation as to the differences with a normal certificate, maybe
it's expired?)...so I think this is what's causing the problem...I don't
believe you'll see any issues with typical SSL communications over the net.
If this is indeed a requirement, then this seems like a large barrier to use
of SSL connections. What that basically means is that you have to know in
advance every SSL server with which you want to connect.
Does that also mean that you will have to manually re-import the
certificates when they expire and they are re-issued? This could be a major
pain in the butt.
Kevin
>>> Stacy.Young@sfcommerce.com 07/10/02 02:52PM >>>
This may or may not be in the docs but I haven't seen any references to it
yet aside from a technote concerning CFLDAP and SSL communication. I'm
finding that for most of our internal SSL sites I need to manually import
each web server's SSL certificate into the keystore for the JRE used by CFMX
in order to enable HTTPS communication either by CFHTTP or CFLDAP. I think
this needs to be highlighted *somewhere* because with CF5 this was not the
case...this had me believing there was a bug in CFMX throughout the entire
beta testing cycle and has caused me to waste countless hours !!! :-(
Here's what to do if you're having SSL com problems:
* Go to a page on the SSL server in question
* Double click on the lock icon
* Go to details tab
* Click on COPY TO FILE
* Choose base64 option and save the file
* Copy the CER file into C:\CFusionMX\runtime\jre\lib\security (or whichever JRE CFMX is using)
* Run this commandline in that same directory (keytool.exe is located in C:\CFusionMX\runtime\jre\bin)
    keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
* Default password is "changeit" or "change it"
* Upon successful import restart CFMX and now CFHTTP and CFLDAP over SSL will work with that particular site
Stacy Young
System Integration Specialist, Architecture
Surefire Commerce
http://www.sfcommerce.com
(p) 514-380-2700 ext: 3234
(f) 514-380-2760
WARNING:
-------------------------------
The information contained in this document and attachments is confidential
and intended only for the person(s) named above. If you are not the
intended recipient you are hereby notified that any disclosure, copying,
distribution, or any other use of the information is strictly prohibited.
If you have received this document by mistake, please notify the sender
immediately and destroy this document and attachments without making any
copy of any kind.
Author: Adam Churvis
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#72015
Thanks, Kevin! This is exactly what I needed.
Respectfully,
Adam Phillip Churvis
Advanced Intensive ColdFusion MX Training
http://www.ColdFusionTraining.com
E-mail: info@coldfusiontraining.com
Phone: 770-446-8866
> If this is indeed a requirement, then this seems like a large barrier to
> use of SSL connections. What that basically means is that you have to know
> in advance every SSL server with which you want to connect.
>
> Does that also mean that you will have to manually re-import the
> certificates when they expire and they are re-issued? This could be a major
> pain in the butt.
Author: Kevin Miller
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#72013
If this is indeed a requirement, then this seems like a large barrier to use of
SSL connections. What that basically means is that you have to know in advance
every SSL server with which you want to connect.
Does that also mean that you will have to manually re-import the certificates
when they expire and they are re-issued? This could be a major pain in the butt.
Kevin
>>> Stacy.Young@sfcommerce.com 07/10/02 02:52PM >>>
This may or may not be in the docs but I haven't seen any references to it
yet aside from a technote concerning CFLDAP and SSL communication. I'm
finding that for most of our internal SSL sites I need to manually import
each web server's SSL certificate into the keystore for the JRE used by CFMX
in order to enable HTTPS communication either by CFHTTP or CFLDAP. I think
this needs to be highlighted *somewhere* because with CF5 this was not the
case...this had me believing there was a bug in CFMX throughout the entire
beta testing cycle and has caused me to waste countless hours !!! :-(
Here's what to do if you're having SSL com problems:
* Go to a page on the SSL server in question
* Double click on the lock icon
* Go to details tab
* Click on COPY TO FILE
* Choose base64 option and save the file
* Copy the CER file into C:\CFusionMX\runtime\jre\lib\security (or whichever JRE CFMX is using)
* Run this commandline in that same directory (keytool.exe is located in C:\CFusionMX\runtime\jre\bin)
    keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
* Default password is "changeit" or "change it"
* Upon successful import restart CFMX and now CFHTTP and CFLDAP over SSL will work with that particular site
Stacy Young
System Integration Specialist, Architecture
Surefire Commerce
http://www.sfcommerce.com
(p) 514-380-2700 ext: 3234
(f) 514-380-2760
Author: Stacy Young
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:13865#72003
This may or may not be in the docs but I haven't seen any references to it
yet aside from a technote concerning CFLDAP and SSL communication. I'm
finding that for most of our internal SSL sites I need to manually import
each web server's SSL certificate into the keystore for the JRE used by CFMX
in order to enable HTTPS communication either by CFHTTP or CFLDAP. I think
this needs to be highlighted *somewhere* because with CF5 this was not the
case...this had me believing there was a bug in CFMX throughout the entire
beta testing cycle and has caused me to waste countless hours !!! :-(
Here's what to do if you're having SSL com problems:
* Go to a page on the SSL server in question
* Double click on the lock icon
* Go to details tab
* Click on COPY TO FILE
* Choose base64 option and save the file
* Copy the CER file into C:\CFusionMX\runtime\jre\lib\security (or whichever JRE CFMX is using)
* Run this commandline in that same directory (keytool.exe is located in C:\CFusionMX\runtime\jre\bin)
    keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
* Default password is "changeit" or "change it"
* Upon successful import restart CFMX and now CFHTTP and CFLDAP over SSL will work with that particular site
Stacy Young
System Integration Specialist, Architecture
Surefire Commerce
http://www.sfcommerce.com
(p) 514-380-2700 ext: 3234
(f) 514-380-2760
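The import procedure from the post above, as an added PowerShell example that is not part of the original thread: it checks the exported certificate's fingerprint before trusting it, backs up cacerts, imports using full paths, and lists the new entry so its validity dates are on record for the re-import question raised in the replies. The paths, alias, file name and default password are the post's own; $ExpectedSha1 is a placeholder for a fingerprint obtained from the server's administrator, in the colon-separated form keytool prints.

```powershell
# Added example, not from the thread. Paths, alias, file name and the default
# store password are those given in the post; $ExpectedSha1 is a placeholder.
$JreHome      = 'C:\CFusionMX\runtime\jre'   # or whichever JRE CFMX is using
$Keytool      = Join-Path $JreHome 'bin\keytool.exe'
$Cacerts      = Join-Path $JreHome 'lib\security\cacerts'
$CerFile      = Join-Path $JreHome 'lib\security\filename.cer'
$Alias        = 'giveUniqueName'
$StorePass    = 'changeit'
$ExpectedSha1 = 'REPLACE-WITH-FINGERPRINT-FROM-SERVER-ADMINISTRATOR'

# Full paths remove any dependence on PATH or the current directory.
foreach ($path in $Keytool, $Cacerts, $CerFile) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# 1. Show what is about to be trusted and compare its fingerprint with the
#    value obtained out of band. Importing pins trust to this exact certificate.
$details = & $Keytool -printcert -file $CerFile
$details
if (-not ($details | Select-String -SimpleMatch $ExpectedSha1 -Quiet)) {
    throw 'Fingerprint does not match the expected value; nothing imported.'
}

# 2. Keep a copy of the trust store so the change can be rolled back.
Copy-Item -LiteralPath $Cacerts -Destination "$Cacerts.bak"

# 3. Import into the JRE trust store used by CFMX.
& $Keytool -import -keystore $Cacerts -storepass $StorePass -alias $Alias -file $CerFile
if ($LASTEXITCODE -ne 0) { throw "keytool -import failed with exit code $LASTEXITCODE" }

# 4. List the entry; the "Valid from ... until ..." line shows when the
#    certificate expires and a re-import will be needed.
& $Keytool -list -v -keystore $Cacerts -storepass $StorePass -alias $Alias

# CFMX must still be restarted afterwards, as the post says.
```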
May 24, 2012