You can find out what is in your keystore using the keytool (if you are using the Sun jvm). Here's the syntax.
C:\CFusionMX\runtime\jre\lib>keytool -list -storepass changit -noprompt -keystore C:\CFusionMX\runtime\jre\lib\security\cacerts I have a blog post on this issue: http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=8E44925A-B73D-E3AD- 709D4E02FD6D4588 It's a hassle I know - but you only have to do it once :) -mark -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 10:46 AM To: CF-Talk Subject: RE: cfhttp with https and self generated certificates When you choose to trust a certificate, the browser doesn't import it right away... it imports it for that session only. Why can't cfhttp have a similar setting where it allows you to use a certificate just for that session? How do I know what vendors are in the keystore? Has anyone tried using those cheap certs with CF and know whether they work out of the box? Russ > -----Original Message----- > From: Mark A Kruger [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 13, 2006 11:39 AM > To: CF-Talk > Subject: RE: cfhttp with https and self generated certificates > > In order to make a successful connection the key has to be imported. > Otherwise it cannot unencrypt the stream. Don't confuse this error > with the browser warning error. In the case of the browser warning it > is giving you a choice - do you want to accept (import into keystore) > this certificate? > Choosing yes, allows the cert to be trusted. > > In Java you have to do this programatically. If you use something > like X-registrar it "may" work IF that vendor is in the keystore. If > not, you would have to import that one as well. > > -Mark > > > > -----Original Message----- > From: Russ [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 13, 2006 10:25 AM > To: CF-Talk > Subject: cfhttp with https and self generated certificates > > I am trying to use cfhttp over https and I'm getting "I/O Exception: > peer not authenticated". A quck google search turns up that I need to > import the certificate into my keystore. Isn't there a way to tell > CFHTTP to ignore certificate warnings? The certificate in question is > a self generated apache certificate. Will a Turbo SSL from somewhere > like X-Registrar.com work out of the box, or will I still have to > import something? > > > > Russ > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243367 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
