NO I believe it's only for specific instances...in my case, whenever I browse an internal site in development or QA using SSL I get prompted to explicitly say whether or not I trust the site (Sorry I don't have the technical explanation as to the differences with a normal certificate, maybe it's expired?)...so I think this is what's causing the problem...I don't believe you'll see any issues with typical SSL communications over the net.
-----Original Message----- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 6:33 PM To: CF-Talk Subject: Re: Important for MM Folks concerning SSL Ceritificates and CFMX If this is indeed a requirement, then this seems like a large barrier to use of SSL connections. What that basically means is that you have to know in advance every SSL server with which you want to connect. Does that also mean that you will have to manually re-import the certificates when they expire and they are re-issued? This could be a major pain in the butt. Kevin >>> [EMAIL PROTECTED] 07/10/02 02:52PM >>> This may or may not be in the docs but I haven't seen any references to it yet aside from a technote concerning CFLDAP and SSL communication. I'm finding that for most of our internal SSL sites I need to manually import each web servers SSL certificate into the keystore for the JRE used by CFMX in order to enable HTTPS communication either by CFHTTP of CFLDAP. I think this needs to be highlighted *somewhere* because with CF5 this was not the case...this had me believing there was a bug in CFMX throughout the entire beta testing cycle and has caused me to waste countless hours !!! :-( Here's what to do if you're having SSL com problems: * Goto a page on the SSL server in question * Double click on the lock icon * Goto details tab * Click on COPY TO FILE * Choose base64 option and save the file * Copy the CER file into C:\CFusionMX\runtime\jre\lib\security (or whichever JRE CFMX is using) * Run this commandline in that same directory (keytool.exe is located in C:\CFusionMX\runtime\jre\bin) keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer * Default password is "changeit" or "change it" * Upon successful import restart CFMX and now CFHTTP and CFLDAP over SSL will work with that particular site Stacy Young System Integration Specialist, Architecture Surefire Commerce http://www.sfcommerce.com <http://www.sfcommerce.com> (p) 514-380-2700 ext: 3234 (f) 514-380-2760 AVIS IMPORTANT: ------------------------------- Les informations contenues dans le present document et ses pieces jointes sont strictement confidentielles et reservees a l'usage de la (des) personne(s) a qui il est adresse. Si vous n'etes pas le destinataire, soyez avise que toute divulgation, distribution, copie, ou autre utilisation de ces informations est strictement prohibee. Si vous avez recu ce document par erreur, veuillez s'il vous plait communiquer immediatement avec l'expediteur et detruire ce document sans en faire de copie sous quelque forme. WARNING: ------------------------------- The information contained in this document and attachments is confidential and intended only for the person(s) named above. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution, or any other use of the information is strictly prohibited. If you have received this document by mistake, please notify the sender immediately and destroy this document and attachments without making any copy of any kind. ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
