Having two certs on the server sounds like it could be the CF issue.
On the length of the public key, though, depending on the type of
application, you may have other problems with a cert that is shorter
than 1024. For example, if the site is doing any type of e-commerce,
using a public key less than 1024 is in violation of most of the
major Credit Card providers' security policies.

If your data needs to be transmitted securely enough to use https,  
you should have a cert with a key that is at least 1024.

Just my 2 cents.

-Jon

On Sep 25, 2006, at 11:06 AM, Marc wrote:

>>   -----Original Message-----
>>   From: Mike Chabot [mailto:[EMAIL PROTECTED]
>>   Sent: Monday, September 25, 2006 10:20 AM
>>   To: CF-Talk
>>   Subject: Re: SSL Certificate Changed, CFHTTP broken
>>
>>   Last time I checked (with cfmx 6.1), cfhttp over SSL
>>   required a completely valid certificate. If there is
>>   anything wrong with the cert, the call will fail and
>>   there is no way to recover from the error short of
>>   using something other than cfhttp. Importing the cert
>>   into the keystore on your server is a great first thing
>>   to try. You should be able to see any cert errors by
>>   entering the URL into your Web browser.
>>
>>   Good luck,
>>   Mike Chabot
>
>
> IE and Firefox have no problem with the certificate. Opera reports
> "- The server is using a short public encryption key, which is
> considered insecure."
>
> There are two certificates showing in Opera... Below are the details
> that Opera provides about each. Could this have anything to do with
> CF puking on it?
>
> They renewed on the 19th of September, which is when we started having
> problems. Their tech guy says the cert is "512", not sure what he
> means by that, I assume it's the encryption key length, which IS
> shorter than the 1024 that I choose in IIS when setting up my own
> website certs. I'll admit I'm not an expert on SSL certs...
>
> ----------------------------------------------------------------------
>
> Certificate name
>
> UTN-USERFirst-Hardware
> The USERTRUST Network
> http://www.usertrust.com
> Salt Lake City
> UT, US
>
>
> Issuer
>
> AddTrust External CA Root
> AddTrust AB
> AddTrust External TTP Network
> SE
>
>
> Details
>
> Connection : TLS v1.0   128 bit ARC4 (RSA/MD5)
>
> The server is using a short public encryption key, which is considered
> insecure.
>
> Certificate version: 3
> Serial number: 0x26211BF52AEB51B00BFA9FDD8D36DA9E
> Not valid before: Jun  7 08:09:10 2005 GMT
> Not valid after: May 30 10:48:38 2020 GMT
> Fingerprint(MD5) 78 3A A4 65 E2 21 DE F2 40 29 FC 24 74 8C 83 C9
> Fingerprint(SHA-1) C5 BA DB 8D F3 C4 26 40 2F 65 D9 5B 75 D4 22 90 B4 01 2A 33
>
> Public key algorithm: rsaEncryption
>   Public-Key (2048 bit):
>
>   Exponent:
>     01 00 01
>
> Public key algorithm: sha1WithRSAEncryption
>
> Extensions
>   X509v3 Authority Key Identifier:
>      keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
>   X509v3 Subject Key Identifier:
>      A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
>   X509v3 Key Usage (Critical): Certificate Sign, CRL Sign
>   X509v3 Basic Constraints (Critical): CA:TRUE
>   X509v3 CRL Distribution Points:
>      URI:http://crl.comodoca.com/AddTrustExternalCARoot.crl
>      URI:http://crl.comodo.net/AddTrustExternalCARoot.crl
>
>
> ----------------------------------------------------------------------
>
>
> Certificate name
>
> ntpnow.com
> EMS2000
> Sole Propritor, Hosted by EMS2000, Comodo InstantSSL
> Portsmouth
> RI, US
> postalCode: 02871
> streetAddress: 83 Rolling Hill Rd
>
>
> Issuer
>
> UTN-USERFirst-Hardware
> The USERTRUST Network
> http://www.usertrust.com
> Salt Lake City
> UT, US
>
>
> Details
>
> Connection : TLS v1.0   128 bit ARC4 (RSA/MD5)
>
> The server is using a short public encryption key, which is considered
> insecure.
>
> Certificate version: 3
> Serial number: 0x2D6DF4384F880AF0518D4A9037973AE9
> Not valid before: Sep 19 00:00:00 2006 GMT
> Not valid after: Sep 19 23:59:59 2007 GMT
> Fingerprint(MD5) 78 3A A4 65 E2 21 DE F2 40 29 FC 24 74 8C 83 C9
> Fingerprint(SHA-1) C5 BA DB 8D F3 C4 26 40 2F 65 D9 5B 75 D4 22 90 B4 01 2A 33
>
> Public key algorithm: rsaEncryption
>   Public-Key (512 bit):
>   Modulus:
>     00: 97 34 DE 46 1A 68 E1 9D 05 94 E2 8D A6 4E DE 8D
>     10: EA D5 97 2F C6 8F 5C 6A B7 12 DF EC C5 34 30 56
>     20: 85 B6 A5 E8 CB 7B 4C 56 11 5B 95 B9 A4 60 9E D8
>     30: 4C FA 22 6F E0 7B EB B0 45 C9 CB 16 84 56 3E D5
>
>   Exponent:
>     01 00 01
>
> Public key algorithm: sha1WithRSAEncryption
>
> Extensions
>   X509v3 Authority Key Identifier:
>      keyid:A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
>   X509v3 Subject Key Identifier:
>      DC:67:3C:14:73:B1:32:05:B5:8C:91:B4:B3:4D:65:8A:46:15:F1:A5
>   X509v3 Key Usage (Critical): Digital Signature, Key Encipherment
>   X509v3 Basic Constraints (Critical): CA:FALSE
>   X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication
>   Netscape Cert Type: SSL Client, SSL Server
>   X509v3 Certificate Policies:
>      Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
>      CPS: https://secure.comodo.net/CPS
>   X509v3 CRL Distribution Points:
>      URI:http://crl.comodoca.com/UTN-USERFirst-Hardware.crl
>      URI:http://crl.comodo.net/UTN-USERFirst-Hardware.crl
>   Authority Information Access:
>      CA Issuers - URI:http://crt.comodoca.com/UTNAddTrustServerCA.crt
>      CA Issuers - URI:http://crt.comodo.net/UTNAddTrustServerCA.crt
>
> ----------------------------------------------------------------------
>
>
>
> 
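
Added example, not part of the original thread: the "512" reported for the ntpnow.com certificate is the bit length of its RSA modulus, and the sketch below encodes the modulus quoted above as a DER RSAPublicKey, reads the length back, and compares it with the 1024-bit floor named in the reply. The function names are hypothetical, and only the bare key structure is parsed, not a full certificate.

```python
# Added example (not from the thread). MODULUS_HEX and EXPONENT are copied from
# the Opera dump of the ntpnow.com certificate; all function names are hypothetical.
MODULUS_HEX = """
97 34 DE 46 1A 68 E1 9D 05 94 E2 8D A6 4E DE 8D
EA D5 97 2F C6 8F 5C 6A B7 12 DF EC C5 34 30 56
85 B6 A5 E8 CB 7B 4C 56 11 5B 95 B9 A4 60 9E D8
4C FA 22 6F E0 7B EB B0 45 C9 CB 16 84 56 3E D5
"""
EXPONENT = 0x010001
MIN_RSA_BITS = 1024  # minimum key length stated in the reply

def der_len(n):
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value):
    """Encode a non-negative INTEGER; a leading 0x00 keeps the sign positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_rsa_public_key(modulus, exponent):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(der):
    """Bit length of the RSA modulus: the "512" or "1024" quoted for a cert."""
    seq_tag, seq, _ = read_tlv(der)
    int_tag, modulus, _ = read_tlv(seq)
    if (seq_tag, int_tag) != (0x30, 0x02):
        raise ValueError("not an RSAPublicKey structure")
    return int.from_bytes(modulus, "big").bit_length()

def key_too_short(der, minimum=MIN_RSA_BITS):
    return rsa_key_bits(der) < minimum

LEAF_KEY = encode_rsa_public_key(int("".join(MODULUS_HEX.split()), 16), EXPONENT)
```

The leading 0x00 that DER adds to the modulus does not count toward the key size, which is why the length is taken from the integer value rather than from the byte count of the encoding.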

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254052