> -----Original Message-----
> From: Mike Chabot [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 25, 2006 10:20 AM
> To: CF-Talk
> Subject: Re: SSL Certificate Changed, CFHTTP broken
>
> Last time I checked (with cfmx 6.1), cfhttp over SSL
> required a completely valid certificate. If there is
> anything wrong with the cert, the call will fail and
> there is no way to recover from the error short of
> using something other than cfhttp. Importing the cert
> into the keystore on your server is a great first thing
> to try. You should be able to see any cert errors by
> entering the URL into your Web browser.
>
> Good luck,
> Mike Chabot
IE and Firefox have no problem with the certificate. Opera reports "- The
server is using a short public encryption key, which is considered
insecure."
There are two certificates showing in Opera... Below are the details that
Opera provides about each. Could this have anything to do with CF puking on
it?
They renewed on the 19th of September, which is when we started having
problems. Their tech guy says the cert is "512", not sure what he means by
that, I assume it's the encryption key length, which IS shorter than the
1024 that I choose in IIS when setting up my own website certs. I'll admit
I'm not an expert on SSL certs...
----------------------------------------------------------------------------
---------------------
Certificate name
UTN-USERFirst-Hardware
The USERTRUST Network
http://www.usertrust.com
Salt Lake City
UT, US
Issuer
AddTrust External CA Root
AddTrust AB
AddTrust External TTP Network
SE
Details
Connection : TLS v1.0 128 bit ARC4 (RSA/MD5)
The server is using a short public encryption key, which is considered
insecure.
Certificate version: 3
Serial number: 0x26211BF52AEB51B00BFA9FDD8D36DA9E
Not valid before: Jun 7 08:09:10 2005 GMT
Not valid after: May 30 10:48:38 2020 GMT
Fingerprint(MD5) 78 3A A4 65 E2 21 DE F2 40 29 FC 24 74 8C 83 C9
Fingerprint(SHA-1) C5 BA DB 8D F3 C4 26 40 2F 65 D9 5B 75 D4 22 90 B4 01 2A
33
Public key algorithm: rsaEncryption
Public-Key (2048 bit):
Modulus:
0000: 5B 48 A1 32 AB F4 92 C5 9C 49 CD E4 AC 63 7F 03
0010: 44 76 E1 14 8B 16 1E D0 A4 6E D0 73 89 87 4D AB
0020: 8D 28 ED C7 EE D6 91 6B 5E 0A 9D 4C 04 7C EE 3D
0030: DF C8 0E 88 0A BD 61 AC 3E BC 4C 66 AD 68 CD 06
0040: F9 BD 51 69 B0 34 49 CC 8C 0F 46 0D 29 9B 33 09
0050: 2E 69 9D 08 F3 21 89 FA C5 06 88 69 8E F6 AA AA
0060: B2 8E A0 5D D3 89 C3 87 8B BC 17 98 D5 A0 1E 40
0070: 33 FB 5B D3 7A 2B E5 DB 8F 30 C9 C1 50 7B 9B 45
0080: BC 23 5E A5 C3 6E 38 07 01 2B E3 32 B1 7A 01 9A
0090: 0C 77 31 1A FE DF 00 FB 88 A2 6B 17 71 E0 FB 6D
00A0: A7 B6 5D B1 F1 F6 9A F0 19 B3 54 10 17 55 2A B9
00B0: FD 6A D0 AB 8D 5E 46 9C 79 75 C1 EC C6 E8 B1 97
00C0: 6C A4 33 09 95 EB 66 CD 13 2B ED 39 3A 67 10 3C
00D0: D5 72 6A 3C 1D 96 12 74 61 BB C2 48 79 21 E0 F7
00E0: 16 99 38 B9 99 54 89 0D EC 2B 9F E7 F3 58 FF D2
00F0: 9F 6D D0 67 51 82 39 CF 7F A8 B4 3F 38 C3 F7 B1
Exponent:
01 00 01
Public key algorithm: sha1WithRSAEncryption
0000: 4B 02 11 4C 25 93 B9 E8 F6 CC 8E FE 4B A6 9D 07
0010: 23 42 F7 55 2C 91 BE D3 0F 09 21 54 21 95 5F 11
0020: 4F 64 37 BC AC 21 C9 32 80 A6 BC 53 4A 25 E6 2D
0030: D7 D6 6C AC 80 3F B4 45 45 2B 04 B5 B1 AC E8 7D
0040: BF 5C 39 84 9F 57 E6 47 10 AF 95 02 15 24 E4 9A
0050: 91 A3 98 38 46 A7 6D 00 EB 70 7C FF 23 44 9D 75
0060: BD 7E C7 2A 6B DD DC 5E 8D 2E 55 B0 34 31 29 92
0070: 8B BA 8F 95 DD EA B0 50 A2 A0 27 98 37 6E 37 51
0080: FC 56 27 00 11 EE 20 5C 4D 68 B8 0E 4B C1 84 F6
0090: 4D 8B 8E 07 05 DB E7 83 FE 47 DC 4D C6 E1 6B CF
00A0: 8B 7F F5 DE CD E8 44 12 BB 1D F8 8C 4E F2 C8 43
00B0: D6 AC 8E 4D F5 43 B1 1A F6 AB 33 AA 99 06 E7 45
00C0: DC 8E 09 B2 09 D3 9D 71 3C 42 26 B6 E9 A0 A0 DD
00D0: 53 75 CD DE 96 0B 3C 05 54 17 D5 02 8E 22 44 FC
00E0: 90 C4 AC 46 9F 48 39 2A A9 0E 6A 97 06 20 3F 3F
00F0: 5A FA AC 95 23 7A DC 86 C8 EA D9 3B 78 8C 26 44
Extensions
X509v3 Authority Key Identifier:
keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
X509v3 Subject Key Identifier:
A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
X509v3 Key Usage (Critical): Certificate Sign, CRL Sign
X509v3 Basic Constraints (Critical): CA:TRUE
X509v3 CRL Distribution Points:
URI:http://crl.comodoca.com/AddTrustExternalCARoot.crl
URI:http://crl.comodo.net/AddTrustExternalCARoot.crl
----------------------------------------------------------------------------
---------------------
Certificate name
ntpnow.com
EMS2000
Sole Propritor, Hosted by EMS2000, Comodo InstantSSL
Portsmouth
RI, US
postalCode: 02871
streetAddress: 83 Rolling Hill Rd
Issuer
UTN-USERFirst-Hardware
The USERTRUST Network
http://www.usertrust.com
Salt Lake City
UT, US
Details
Connection : TLS v1.0 128 bit ARC4 (RSA/MD5)
The server is using a short public encryption key, which is considered
insecure.
Certificate version: 3
Serial number: 0x2D6DF4384F880AF0518D4A9037973AE9
Not valid before: Sep 19 00:00:00 2006 GMT
Not valid after: Sep 19 23:59:59 2007 GMT
Fingerprint(MD5) 78 3A A4 65 E2 21 DE F2 40 29 FC 24 74 8C 83 C9
Fingerprint(SHA-1) C5 BA DB 8D F3 C4 26 40 2F 65 D9 5B 75 D4 22 90 B4 01 2A
33
Public key algorithm: rsaEncryption
Public-Key (512 bit):
Modulus:
00: 97 34 DE 46 1A 68 E1 9D 05 94 E2 8D A6 4E DE 8D
10: EA D5 97 2F C6 8F 5C 6A B7 12 DF EC C5 34 30 56
20: 85 B6 A5 E8 CB 7B 4C 56 11 5B 95 B9 A4 60 9E D8
30: 4C FA 22 6F E0 7B EB B0 45 C9 CB 16 84 56 3E D5
Exponent:
01 00 01
Public key algorithm: sha1WithRSAEncryption
0000: 9A 64 E4 9B 79 3B F5 58 0A DA 3A 67 DF C8 CC 7D
0010: 47 D2 C6 18 DA 9F 19 9F 8E 1F 5F 07 16 67 D8 54
0020: 2C F5 9D 9B FA A8 B1 7D 3A 83 46 E3 6F AF 4F 4C
0030: C6 B2 E4 26 90 A9 09 47 9F 9E 9D 29 87 9B 24 06
0040: 33 0A 5D D4 E9 47 0A 12 0B F5 0D 11 59 18 B8 CF
0050: 96 86 FA 1E 8E F2 22 05 5A 7E F7 A2 4F 6C 77 90
0060: 1B 03 BC AF 40 F1 BB 21 74 7C 7E CF 84 60 E9 D3
0070: 30 8C 20 44 3D 34 C1 6E 9E BB B5 F2 8B 6B 00 5A
0080: C8 6B 4D A3 54 98 FD 92 B4 FA 2E 90 33 3A 78 E1
0090: 39 CA 26 0B 80 D5 CD B8 38 BE 86 CB 66 0F E6 04
00A0: A8 80 41 1E 91 DE 59 5C 35 7D 80 02 F4 CD 8D 01
00B0: 37 F0 70 F8 3D 7D 8B 6A FD D7 FC BA 29 4B 04 05
00C0: 83 2F 52 9D 27 AC 1C 96 33 FB 2F 6B 4D EB 43 50
00D0: 47 00 E7 66 FA 7B C4 B4 4C F4 E3 14 50 9F 44 F7
00E0: 0B 76 B0 63 74 5E 04 AF 2D 00 94 18 8D D7 F1 71
00F0: 0F 06 69 47 FE EB 17 00 F2 55 C4 55 90 B5 CE 1A
Extensions
X509v3 Authority Key Identifier:
keyid:A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
X509v3 Subject Key Identifier:
DC:67:3C:14:73:B1:32:05:B5:8C:91:B4:B3:4D:65:8A:46:15:F1:A5
X509v3 Key Usage (Critical): Digital Signature, Key Encipherment
X509v3 Basic Constraints (Critical): CA:FALSE
X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client
Authentication
Netscape Cert Type: SSL Client, SSL Server
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
CPS: https://secure.comodo.net/CPS
X509v3 CRL Distribution Points:
URI:http://crl.comodoca.com/UTN-USERFirst-Hardware.crl
URI:http://crl.comodo.net/UTN-USERFirst-Hardware.crl
Authority Information Access:
CA Issuers - URI:http://crt.comodoca.com/UTNAddTrustServerCA.crt
CA Issuers - URI:http://crt.comodo.net/UTNAddTrustServerCA.crt
----------------------------------------------------------------------------
---------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four
times a year.
http://www.fusionauthority.com/quarterly
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254042
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
