I decided to skip the hassle and buy a $30 cert from X-Registrar. Took only a few mins and now it works with CF and I get no warning on the browser. I think that's money well spent. (I'll see if I can use the same cert to secure pop3s and smtps, to get rid of those annoying warnings in Thunderbird.)
Thanks for your help all.

Russ

> -----Original Message-----
> From: Mark A Kruger [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 13, 2006 1:11 PM
> To: CF-Talk
> Subject: RE: cfhttp with https and self generated certificates
>
> You can find out what is in your keystore using the keytool (if you are
> using the Sun JVM). Here's the syntax.
>
> C:\CFusionMX\runtime\jre\lib>keytool -list -storepass changit -noprompt -keystore C:\CFusionMX\runtime\jre\lib\security\cacerts
>
> I have a blog post on this issue:
>
> http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=8E44925A-B73D-E3AD-709D4E02FD6D4588
>
> It's a hassle I know - but you only have to do it once :)
>
> -mark
>
> -----Original Message-----
> From: Russ [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 13, 2006 10:46 AM
> To: CF-Talk
> Subject: RE: cfhttp with https and self generated certificates
>
> When you choose to trust a certificate, the browser doesn't import it right
> away... it imports it for that session only. Why can't cfhttp have a
> similar setting where it allows you to use a certificate just for that
> session?
>
> How do I know what vendors are in the keystore? Has anyone tried using
> those cheap certs with CF and know whether they work out of the box?
>
> Russ
>
> > -----Original Message-----
> > From: Mark A Kruger [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 13, 2006 11:39 AM
> > To: CF-Talk
> > Subject: RE: cfhttp with https and self generated certificates
> >
> > In order to make a successful connection the key has to be imported.
> > Otherwise it cannot unencrypt the stream. Don't confuse this error
> > with the browser warning error. In the case of the browser warning it
> > is giving you a choice - do you want to accept (import into keystore)
> > this certificate?
> > Choosing yes allows the cert to be trusted.
> >
> > In Java you have to do this programmatically. If you use something
> > like X-registrar it "may" work IF that vendor is in the keystore. If
> > not, you would have to import that one as well.
> >
> > -Mark
> >
> > -----Original Message-----
> > From: Russ [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 13, 2006 10:25 AM
> > To: CF-Talk
> > Subject: cfhttp with https and self generated certificates
> >
> > I am trying to use cfhttp over https and I'm getting "I/O Exception:
> > peer not authenticated". A quick Google search turns up that I need to
> > import the certificate into my keystore. Isn't there a way to tell
> > CFHTTP to ignore certificate warnings? The certificate in question is
> > a self generated apache certificate. Will a Turbo SSL from somewhere
> > like X-Registrar.com work out of the box, or will I still have to
> > import something?
> >
> > Russ
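
Added example, not part of the thread and not code from any of its participants: a small Java program that loads a JVM trust store and either lists the issuers ("vendors") it contains or asks JSSE whether a certificate chain would be trusted against it, which is the trust decision the thread is about. The class name `TrustCheck`, the default store path under `java.home`, the stock `changeit` password and the PEM file argument are assumptions; it needs Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Added example, not code from the thread.
// Usage: java TrustCheck [keystore [storepass [chain.pem]]]
public class TrustCheck {
    // Returns null if the chain (leaf certificate first) is trusted by ks, else the reason.
    static String whyUntrusted(KeyStore ks, X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        try {
            tm.checkServerTrusted(chain, "RSA"); // JSSE chain validation, no hostname check
            return null;
        } catch (CertificateException e) {
            return e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JVM's cacerts and the stock "changeit" password.
        String path = args.length > 0 ? args[0]
            : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        if (args.length < 3) { // no certificate given: list the trusted issuers
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.getCertificate(alias) instanceof X509Certificate) {
                    X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                    System.out.println(alias + " -> " + c.getSubjectX500Principal().getName());
                }
            }
            return;
        }
        X509Certificate[] chain; // PEM or DER file holding the server cert, then any intermediates
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in)
                .toArray(new X509Certificate[0]);
        }
        String reason = whyUntrusted(ks, chain);
        System.out.println(reason == null ? "TRUSTED" : "NOT TRUSTED: " + reason);
    }
}
```

A self-signed certificate is reported as not trusted until that exact certificate has been imported into the store, while a CA-issued certificate passes only if its chain ends at an issuer already listed there.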

