Jeff, What JVM version are you using on CF9 and what do the args look like? Sometimes it's a matter of the handshake and levels of TLS/SSL - the error may be not specific enough to tell. You can enable logging to get a grip on it though. That would tell you more.
-Mark -----Original Message----- From: Jeff Garza [mailto:j...@garzasixpack.com] Sent: Thursday, July 25, 2013 12:25 PM To: cf-talk Subject: issue with cfhttp and client certificates Ok, so here's the issue. A process that was working just fine on CF9 is now broken on CF10. We have a service that we call that requires us to submit a client certificate to the server. In CF9, this worked just fine. Use the clientcert and clientcertpass attributes of CFHTTP and you're good to go. It reads the .pfx file fine and everything runs... This is not a cacerts issue as you do not have to have the key in the keystore to use it. Forward to CF10, the exact same code and certificates now gives the error: "Error while trying to get the SSL client certificate: java.security.UnrecoverableKeyException: Could not decrypt key: Could not decode key from BER. (Invalid encoding: expected tag not there. )." It's like it's unable to open the .pfx certificate file. I know this is a long shot since there are not many folks out there using client certs, but has anyone else run across this issue? Thanks, Jeff Garza ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356317 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
