Maybe we can take a step back and get some more details. Because I'm semi confident we're all trying to help Gavin find a solution, preferably before he has to shell out more cash for a different cert.
- what sort of certificate is it? - where did it come from? - does the cert match the host name? - is the cert issued from one of the 'pre trusted' authorities. - is it just an SSL cert or are we talking about client certs too? - etc Sent from my iPhone On 06/08/2010, at 8:31 PM, "Dale Fraser" <d...@fraser.id.au> wrote: > I setup a https: webservice a week ago, didn't have to do anything, it > worked. > > But we are using real certificates. I called it from multiple other > ColdFusion servers, it was an API for a third party developer, they had no > issues either. > > Regards > Dale Fraser > > http://dale.fraser.id.au > http://cfmldocs.com > http://learncf.com > http://flexcf.com > > > -----Original Message----- > From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf > Of MrBuzzy > Sent: Friday, 6 August 2010 8:16 PM > To: cfaussie@googlegroups.com > Subject: Re: [cfaussie] Comsume https webservice > > Ooh them's fightin' words Dale! > Wildcard certs can also require importing too sometimes. I recall Phil had > to do so once ...? > > Not the cert, but the signing authority needs to be trusted. Vague memories. > > > Hicup. I should put down the phone or the beer or both. > > Sent from my iPhone > > On 06/08/2010, at 7:22 PM, "Dale Fraser" <d...@fraser.id.au> wrote: > >> Im pretty sure this wouldn't be a problem if you just use a real >> wildcard cert, seems like a lot of time wasted for a $400 spend >> >> Regards >> Dale Fraser >> >> http://dale.fraser.id.au >> http://cfmldocs.com >> http://learncf.com >> http://flexcf.com >> >> -----Original Message----- >> From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On >> Behalf Of Gavin Beau Baumanis >> Sent: Friday, 6 August 2010 3:58 PM >> To: cfaussie@googlegroups.com >> Subject: Re: [cfaussie] Comsume https webservice >> >> Yup - most certainly - after every change. >> All this work is on our staging server - so we're free to restart >> services as often as required. >> >> >> Gavin. >> >> >> On 06/08/2010, at 3:15 PM, skateboard.com.au wrote: >> >>> have you restarted cf after adding the cert into the keystore? >>> >>> Drew Peacock >>> >>> >>> >>> -----Original Message----- >>> From: Gavin Beau Baumanis <b...@palcare.com.au> >>> To: cfaussie@googlegroups.com >>> Date: Fri, 6 Aug 2010 15:10:42 +1000 >>> Subject: Re: [cfaussie] Comsume https webservice >>> >>>> Now remember how I said EVERYTHING was working correctly for >>>> straight hhtp? >>>> >>>> >>>> Well that hasn't changed - but I have to wonder how? >>>> >>>> Here is the code I am using; >>>> <cfset remoteLoginService = createObject("component", >>>> >>>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Serv >>>> i >>>> c >>>> e.cfc?wsdl")> >>>> >>>> should it not be?; >>>> <cfset remoteLoginService = createObject("webservice", >>>> "https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)> >>>> >>>> I did try this by the way - and I still get the unauthenticated peer >>>> error message.... but I just thought it odd that thew previous >>>> version worked at all. >>>> >>>> I also a "." (period) used instead of the "?" in CFLIVEDOCS - which >>>> I also tried - without success. >>>> Once again I got the authentication error..... so it would seem my >>>> underlying issue is still a certificate error - but if someone could >>>> shoot me the correct code to use when invoking a web service >>>> (perhaps you have one in your code already??) - that would be most > handy. >>>> >>>> >>>> Gavin. >>>> >>>> >>>> On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote: >>>> >>>>> Hi Kai, >>>>> >>>>> Here is what CFAdmin tells me; >>>>> >>>>> JVM Details >>>>> Java Version 1.6.0_14 >>>>> Java Vendor Sun Microsystems Inc. >>>>> Java Vendor URL http://java.sun.com/ >>>>> Java Home /opt/coldfusion9/runtime/jre >>>>> >>>>> Java VM Specification Version 1.0 >>>>> Java VM Specification Vendor Sun Microsystems Inc. >>>>> Java VM Specification Name Java Virtual Machine Specification >>>>> Java VM Version 14.0-b16 >>>>> Java VM Vendor Sun Microsystems Inc. >>>>> Java VM Name Java HotSpot(TM) Server VM >>>>> Java Specification Version 1.6 >>>>> Java Specification Vendor Sun Microsystems Inc. >>>>> Java Specification Name Java Platform API Specification >>>>> Java Class Version 50.0 >>>>> >>>>> >>>>> So I am going to go with - we're using the normal / standard CF >>>> install version. >>>>> >>>>> Gavin >>>>> >>>>> >>>>> On 06/08/2010, at 12:58 PM, Kai Koenig wrote: >>>>> >>>>>> Just to double check and a random idea - are you running this on >>>>>> the >>>> standard JVM that comes with CF or has it been upgraded to 1.6.20+? >>>>>> >>>>>> Cheers >>>>>> Kai >>>>>> >>>>>> >>>>>>> Okay some more news... but it is still not working. >>>>>>> >>>>>>> When I try to delete a certificate from the Java KeyStore using >>>>>>> the >>>> certman CFIDE extension it throws an error. >>>>>>> Subsequently I have reverted to using the command line to do the >>>> KeyStore maintenance. >>>>>>> >>>>>>> Here is what I have done; >>>>>>> >>>>>>> Imported into the KeyStore the public key used to access our SSL >>>> secured website. (I.e the key we would issue to a client so that >>>> they could access the site. >>>>>>> >>>>>>> in code this following line; >>>>>>> <cfset remoteLoginService = createObject("component", >>>>>>> >>>> >>>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Serv >>>> i >>>> c >>>> e.cfc?wsdl")> >>>>>>> >>>>>>> causes this error; >>>>>>> Unable to read WSDL from URL: >>>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error: >>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. >>>>>>> >>>>>>> Now I don't know if this is the same thing or not, but I exported >>>> (via Firefox - by clicking on the padlock icon and choosing EXPORT) >>>> the certificate at the website. >>>>>>> Imported THAT certificate in the Java KeyStore - get the same >>>> error as above. >>>>>>> >>>>>>> >>>>>>> I then read on a blog - something about requiring the certificate >>>> used to sign the public key and since we signed the key ourselves I >>>> added that to the Java KeyStore too. >>>>>>> But unfortunately - I still get the same error. >>>>>>> >>>>>>> The command line confirms that the certs are indeed in the >>>>>>> KeyStore >>>> - as does the CertMan CFIDE extension. >>>>>>> I have restarted the CF service after each certificate >>>> installation. >>>>>>> >>>>>>> It would "seem" I have done everything required - but it still >>>> doesn't work. >>>>>>> >>>>>>> And let me also say that if I place the exact same CFCs and >>>>>>> calling >>>> code onto a non-SSL path - then the web service is consumed >>>> correctly >>>> - so am really confident it is not a CFML coding issue. >>>>>>> >>>>>>> >>>>>>> If anyone has any ideas at all - I would be most appreciative - >>>>>>> Of >>>> course - if I do get it working - I will let everyone know what I did. >>>>>>> >>>>>>> Gavin. >>>>>>> >>>>>>> >>>>>>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote: >>>>>>> >>>>>>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never >>>> know. >>>>>>>> >>>>>>>> I guess you're back to the challenge of importing it correctly. >>>>>>>> Or >>>> there's some other issue going on. >>>>>>>> >>>>>>>> Sent from my iPhone >>>>>>>> >>>>>>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis >>>> <b...@palcare.com.au> wrote: >>>>>>>> >>>>>>>>> I don't get a cert warning in the browser because I have "that" >>>> cert and only that cert installed in the browser already. >>>>>>>>> >>>>>>>>> Our staging sites have all been confired to allow the same >>>> developer's client cert - thus one cert for all staging sites. >>>>>>>>> >>>>>>>>> Thus only have one cert installed means you don't even get the >>>> prompt for the cert it's just automatically applied by firefox - >>>> after the first run of course... >>>>>>>>> >>>>>>>>> Well - at least that's what I am putting it (the working in the >>>> browser) down to anyway. >>>>>>>>> >>>>>>>>> As for the JVM that we're using - to be honest - I wouldn't >>>>>>>>> have >>>> a clue... but since we're running CF9 - would it not be using >>>> whatever >>>> CF9 gets bundled with? >>>>>>>>> >>>>>>>>> >>>>>>>>> Gavin. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote: >>>>>>>>> >>>>>>>>>> What I find interesting is your browser does not give any >>>> certificate warnings when viewing the wsdl over https. That usually >>>> means you wont need to import the certificate or issuing authority >>>> in to the JVM. >>>>>>>>>> >>>>>>>>>> Is it possible you are using any early-ish JVM, like version >>>> 1.4.2? >>>>>>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. >>>>>>>>>> You >>>> will need to modify jvm.config once you have installed the new JVM >>>> and give CF a restart. >>>>>>>>>> >>>>>>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis >>>> <b...@palcare.com.au> wrote: >>>>>>>>>> >>>>>>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote: >>>>>>>>>> >>>>>>>>>>> Annoying isn't it :) >>>>>>>>>>> >>>>>>>>>> Yup sure is. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> When you view the https wsdl in a browser what warnings (if >>>> any) do you get? >>>>>>>>>>> >>>>>>>>>> None. >>>>>>>>>> >>>>>>>>>> The WSDL looks identical to that produced when using a >>>>>>>>>> non-https >>>> URL. >>>>>>>>>> Apart from the namespace addresses etc being different because >>>> of the different URL >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Also if you're going commando (command line hehe) just check >>>> that you are working on the same jvm or jdk that is specified in >>>> ColdFusion's jvm.config file. >>>>>>>>>>> >>>>>>>>>> Ahh righteo.... >>>>>>>>>> I didn't consider that.... but thanks. >>>>>>>>>> >>>>>>>>>> It still doesn't work though.... bummer.... >>>>>>>>>> >>>>>>>>>> Anyone got anything further I could try? >>>>>>>>>> Or is it simply a fact that importing the server cert into the >>>> java keystore - should see it working? >>>>>>>>>> And if that is the case - does the alias used when importing >>>>>>>>>> the >>>> cert, matter any? >>>>>>>>>> >>>>>>>>>> Thanks again.... >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Sent from my iPhone >>>>>>>>>>> >>>>>>>>>>> On 05/08/2010, at 4:50 PM, Gavin Baumanis >>>> <beauecli...@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Everyone, >>>>>>>>>>>> >>>>>>>>>>>> I have been trying to get this to work for the past few days >>>> and have >>>>>>>>>>>> finally decided I should ask for some help. >>>>>>>>>>>> I have a service that runs on a server using the https >>>> protocol. >>>>>>>>>>>> >>>>>>>>>>>> Sunsequently - when I try to use that service I get the >>>> folling error; >>>>>>>>>>>> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error: >>>>>>>>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not >>>> authenticated. >>>>>>>>>>>> >>>>>>>>>>>> All the items I read seemed to say that all I needed to do >>>> was to add >>>>>>>>>>>> the certificate to java keystore. >>>>>>>>>>>> Which have done using this; >>>>>>>>>>>> http://certman.riaforge.org/ >>>>>>>>>>>> >>>>>>>>>>>> I even tried using the command line - just in case there was >>>> some >>>>>>>>>>>> "odd" issue with the Certificate Manager extension to CF >>>> Admin. >>>>>>>>>>>> >>>>>>>>>>>> But still no dice. >>>>>>>>>>>> >>>>>>>>>>>> I have added the server cert and also tried by adding in the >>>> client >>>>>>>>>>>> cert too - but I still receive that error. >>>>>>>>>>>> Interestingly enough - I can successfully see the WSDL via >>>> the browser >>>>>>>>>>>> and https. >>>>>>>>>>>> >>>>>>>>>>>> If I place the code on a non-ssl connection - everything >>>> works as >>>>>>>>>>>> expected - so I know that my CFCs/code etc is working >>>> correctly. >>>>>>>>>>>> >>>>>>>>>>>> If anyone has any ideas - I would be most appreciative. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Gavin. >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> You received this message because you are subscribed to the >>>> Google Groups "cfaussie" group. >>>>>>>>>>>> To post to this group, send email to >>>> cfaus...@googlegroups.com. >>>>>>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> You received this message because you are subscribed to the >>>> Google Groups "cfaussie" group. >>>>>>>>>>> To post to this group, send email to >>>> cfaus...@googlegroups.com. >>>>>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>> Google Groups "cfaussie" group. >>>>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>> Google Groups "cfaussie" group. >>>>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the >>>> Google Groups "cfaussie" group. >>>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the >>>>>>>> Google >>>> Groups "cfaussie" group. >>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the >>>>>>> Google >>>> Groups "cfaussie" group. >>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>> >>>>>> >>>>>> -- >>>>>> Kai Koenig - Ventego Creative Ltd >>>>>> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117 >>>>>> web: http://www.ventego-creative.co.nz >>>>>> blog: http://www.bloginblack.de >>>>>> twitter: http://www.twitter.com/agentK >>>>>> -- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>> Groups "cfaussie" group. >>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>> Groups "cfaussie" group. >>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "cfaussie" group. >>>> To post to this group, send email to cfaus...@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups >> "cfaussie" group. >>> To post to this group, send email to cfaus...@googlegroups.com. >>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >> >> -- >> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >> To post to this group, send email to cfaus...@googlegroups.com. >> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups > "cfaussie" group. >> To post to this group, send email to cfaus...@googlegroups.com. >> To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com. >> For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To post to this group, send email to cfaus...@googlegroups.com. > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To post to this group, send email to cfaus...@googlegroups.com. > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. > -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaus...@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
