> I've been investigating Coldfusion MX and it's capability > to do stuff with other sites over a secured location. > > So far I've been unable to find a solution to some problems, > maybe some of you can help. > > First I should mention that CFMX is not acepting SSL > certificates for a subdomain, if the certificate is for the > top level domain. > > You can try it yourself: > > <cfhttp url="https://www.cdnow.com/"; port="443" method="get" > resolveurl="no" throwonerror="yes"> > > Fails, because the certificate is presented for "cdnow.com", > but it SHOULD accept it, because it is a subdomain of that. > > <cfhttp url="https://cdnow.com/"; port="443" method="get" > resolveurl="no" throwonerror="yes">
In general, SSL certificates used by web servers specify a host and domain name; if both don't match, the client receiving that certificate may throw an error. For example, if you use IE 6 to go to https://www.cdnow.com/, you'll get an error saying that the certificate name is invalid. It is possible to have certificates that match multiple host names (*.cdnow.com for example), but that is the exception rather than the rule, I think. Now, in CF 5, the above code may have worked, but if if did, I suspect that's simply because CF 5 didn't actually verify that the name in the certificate matched the name used to contact the server. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
