Hi Dale,

Thanks very much for the offer of help.
If I can't get it worked out in the next couple of days, I will
certainly bother you for some help.

As for purchasing a certificate, we'd be happy to do that - if it's
required.
I'm just not convinced - yet - that our issue is because the cert is
self-signed.

I have some more testing to do - but will be in touch - either with
our solution or a request for some help!

Thanks everyone...

Gavin.

On Aug 6, 11:46 pm, "Dale Fraser" <d...@fraser.id.au> wrote:
> Gavin,
>
> If $400 is a problem, here is a $200 one
> http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/index.html
>
> If it helps I can give you access to a https: webservice for testing, I
> understand your issue to be on the calling end rather than the server end.
>
> This will if nothing else establish if a wildcard SSL will help.
>
> From the other angle you could potentially expose it for us to test.
>
> Regards
> Dale Fraser
>
> http://dale.fraser.id.au
> http://cfmldocs.com
> http://learncf.com
> http://flexcf.com
>
> -----Original Message-----
> From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf
> Of MrBuzzy
> Sent: Friday, 6 August 2010 10:39 PM
> To: cfaussie@googlegroups.com
> Subject: Re: [cfaussie] Comsume https webservice
>
> Maybe we can take a step back and get some more details. Because I'm semi
> confident we're all trying to help Gavin find a solution, preferably before
> he has to shell out more cash for a different cert.
>
> - what sort of certificate is it?
> - where did it come from?
> - does the cert match the host name?
> - is the cert issued from one of the 'pre trusted' authorities?
> - is it just an SSL cert or are we talking about client certs too?
> - etc
>
> Sent from my iPhone
>
> On 06/08/2010, at 8:31 PM, "Dale Fraser" <d...@fraser.id.au> wrote:
>
> > I setup a https: webservice a week ago, didn't have to do anything, it
> > worked.
>
> > But we are using real certificates. I called it from multiple other
> > ColdFusion servers, it was an API for a third party developer, they
> > had no issues either.
>
> > Regards
> > Dale Fraser
>
> > http://dale.fraser.id.au
> > http://cfmldocs.com
> > http://learncf.com
> > http://flexcf.com
>
> > -----Original Message-----
> > From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On
> > Behalf Of MrBuzzy
> > Sent: Friday, 6 August 2010 8:16 PM
> > To: cfaussie@googlegroups.com
> > Subject: Re: [cfaussie] Comsume https webservice
>
> > Ooh them's fightin' words Dale!
> > Wildcard certs can also require importing too sometimes. I recall Phil
> > had to do so once ...?
>
> > Not the cert, but the signing authority needs to be trusted. Vague
> > memories.
>
> > Hiccup. I should put down the phone or the beer or both.
>
> > Sent from my iPhone
>
> > On 06/08/2010, at 7:22 PM, "Dale Fraser" <d...@fraser.id.au> wrote:
>
> >> I'm pretty sure this wouldn't be a problem if you just use a real
> >> wildcard cert, seems like a lot of time wasted for a $400 spend
>
> >> Regards
> >> Dale Fraser
>
> >> http://dale.fraser.id.au
> >> http://cfmldocs.com
> >> http://learncf.com
> >> http://flexcf.com
>
> >> -----Original Message-----
> >> From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On
> >> Behalf Of Gavin Beau Baumanis
> >> Sent: Friday, 6 August 2010 3:58 PM
> >> To: cfaussie@googlegroups.com
> >> Subject: Re: [cfaussie] Comsume https webservice
>
> >> Yup - most certainly - after every change.
> >> All this work is on our staging server - so we're free to restart
> >> services as often as required.
>
> >> Gavin.
>
> >> On 06/08/2010, at 3:15 PM, skateboard.com.au wrote:
>
> >>> have you restarted cf after adding the cert into the keystore?
>
> >>> Drew Peacock
>
> >>> -----Original Message-----
> >>> From: Gavin Beau Baumanis <b...@palcare.com.au>
> >>> To: cfaussie@googlegroups.com
> >>> Date: Fri, 6 Aug 2010 15:10:42 +1000
> >>> Subject: Re: [cfaussie] Comsume https webservice
>
> >>>> Now remember how I said EVERYTHING was working correctly for
> >>>> straight http?
>
> >>>> Well that hasn't changed - but I have to wonder how?
>
> >>>> Here is the code I am using;
> >>>> <cfset remoteLoginService = createObject("component",
> >>>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl")>
>
> >>>> should it not be?;
> >>>> <cfset remoteLoginService = createObject("webservice",
> >>>> "https://mydomain/my/path/to/cfc/Service.cfc?wsdl")>
>
> >>>> I did try this by the way - and I still get the unauthenticated
> >>>> peer error message.... but I just thought it odd that the previous
> >>>> version worked at all.
>
> >>>> I also saw a "." (period) used instead of the "?" in CFLIVEDOCS - which
> >>>> I also tried - without success.
> >>>> Once again I got the authentication error..... so it would seem my
> >>>> underlying issue is still a certificate error - but if someone
> >>>> could shoot me the correct code to use when invoking a web service
> >>>> (perhaps you have one in your code already??) - that would be most
> >>>> handy.
>
> >>>> Gavin.
>
> >>>> On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote:
>
> >>>>> Hi Kai,
>
> >>>>> Here is what CFAdmin tells me;
>
> >>>>> JVM Details
> >>>>> Java Version 1.6.0_14  
> >>>>>    Java Vendor Sun Microsystems Inc.  
> >>>>>    Java Vendor URL http://java.sun.com/
> >>>>>    Java Home /opt/coldfusion9/runtime/jre  
>
> >>>>> Java VM Specification Version 1.0  
> >>>>>    Java VM Specification Vendor Sun Microsystems Inc.  
> >>>>>    Java VM Specification Name Java Virtual Machine Specification  
> >>>>>    Java VM Version 14.0-b16  
> >>>>> Java VM Vendor Sun Microsystems Inc.  
> >>>>>    Java VM Name Java HotSpot(TM) Server VM  
> >>>>>    Java Specification Version 1.6  
> >>>>>    Java Specification Vendor Sun Microsystems Inc.  
> >>>>>    Java Specification Name Java Platform API Specification  
> >>>>>    Java Class Version 50.0    
>
> >>>>> So I am going to go with - we're using the normal / standard CF
> >>>>> install version.
>
> >>>>> Gavin
>
> >>>>> On 06/08/2010, at 12:58 PM, Kai Koenig wrote:
>
> >>>>>> Just to double check and a random idea - are you running this on
> >>>>>> the standard JVM that comes with CF or has it been upgraded to
> >>>>>> 1.6.20+?
>
> >>>>>> Cheers
> >>>>>> Kai
>
> >>>>>>> Okay some more news... but it is still not working.
>
> >>>>>>> When I try to delete a certificate from the Java KeyStore using
> >>>>>>> the certman CFIDE extension it throws an error.
> >>>>>>> Subsequently I have reverted to using the command line to do the
> >>>>>>> KeyStore maintenance.
>
> >>>>>>> Here is what I have done;
>
> >>>>>>> Imported into the KeyStore the public key used to access our SSL
> >>>>>>> secured website. (I.e. the key we would issue to a client so that
> >>>>>>> they could access the site.)
>
> >>>>>>> in code this following line;
> >>>>>>> <cfset remoteLoginService = createObject("component",
> >>>>>>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl")>
>
> >>>>>>> causes this error;
> >>>>>>> Unable to read WSDL from URL:
> >>>>>>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error:
> >>>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>
> >>>>>>> Now I don't know if this is the same thing or not, but I
> >>>>>>> exported (via Firefox - by clicking on the padlock icon and
> >>>>>>> choosing EXPORT) the certificate at the website.
> >>>>>>> Imported THAT certificate in the Java KeyStore - get the same
> >>>>>>> error as above.
>
> >>>>>>> I then read on a blog - something about requiring the
> >>>>>>> certificate used to sign the public key and since we signed the
> >>>>>>> key ourselves I added that to the Java KeyStore too.
> >>>>>>> But unfortunately - I still get the same error.
>
> >>>>>>> The command line confirms that the certs are indeed in the
> >>>>>>> KeyStore - as does the CertMan CFIDE extension.
> >>>>>>> I have restarted the CF service after each certificate
> >>>>>>> installation.
>
> >>>>>>> It would "seem" I have done everything required - but it still
> >>>>>>> doesn't work.
>
> >>>>>>> And let me also say that if I place the exact same CFCs and
> >>>>>>> calling code onto a non-SSL path - then the web service is
> >>>>>>> consumed correctly - so am really confident it is not a CFML
> >>>>>>> coding issue.
>
> >>>>>>> If anyone has any ideas at all - I would be most appreciative -
> >>>>>>> Of course - if I do get it working - I will let everyone know
> >>>>>>> what I did.
>
> >>>>>>> Gavin.
>
> >>>>>>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote:
>
> >>>>>>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never
> >>>>>>>> know.
>
> >>>>>>>> I guess you're back to the challenge of importing it correctly.
> >>>>>>>> Or there's some other issue going on.
>
> >>>>>>>> Sent from my iPhone
>
> >>>>>>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis
> >>>>>>>> <b...@palcare.com.au> wrote:
>
> >>>>>>>>> I don't get a cert warning in the browser because I have "that"
> >>>>>>>>> cert and only that cert installed in the browser already.
>
> >>>>>>>>> Our staging sites have all been configured to allow the same
> >>>>>>>>> developer's client cert - thus one cert for all staging sites.
>
> >>>>>>>>> Thus only having one cert installed means you don't even get the
> >>>>>>>>> prompt for the cert it's just automatically applied by firefox -
> >>>>>>>>> after the first run of course...
>
> >>>>>>>>> Well - at least that's what I am putting it (the working in
> >>>>>>>>> the browser) down to anyway.
>
> >>>>>>>>> As for the JVM that we're using - to be honest - I wouldn't
> >>>>>>>>> have a clue... but since we're running CF9 - would it not be
> >>>>>>>>> using whatever CF9 gets bundled with?
>
> >>>>>>>>> Gavin.
>
> >>>>>>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote:
>
> >>>>>>>>>> What I find interesting is your browser does not give any
> >>>>>>>>>> certificate warnings when viewing the wsdl over https. That
> >>>>>>>>>> usually means you won't need to import the certificate or
> >>>>>>>>>> issuing authority in to the JVM.
>
> >>>>>>>>>> Is it possible you are using any early-ish JVM, like version
> >>>>>>>>>> 1.4.2?
> >>>>>>>>>> If you can, upgrade the CF JVM to the latest 1.6.x version.
> >>>>>>>>>> You will need to modify jvm.config once you have installed the
> >>>>>>>>>> new JVM and give CF a restart.
>
> ...

-- 
You received this message because you are subscribed to the Google Groups 
"cfaussie" group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to 
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/cfaussie?hl=en.
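
The checklist questions raised in the thread (is the cert self-signed, does it match the host name, is its signing authority in the trust store) can be answered mechanically once the certificate is exported as PEM. The script below is an added example, not part of the thread: it uses openssl with a PEM trust file rather than the JVM keystore, and the host name staging.example.test, the "Demo Staging CA" and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; host and CA names below are constructed, not from the thread.
# Subject and issuer names are identical (self-issued, as a self-signed cert is).
cert_is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Does the certificate cover the host name the client will call?
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Does the certificate chain to an authority in the given PEM trust file?
cert_trusted_by() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample input: a private CA and a server certificate it signs.
make_demo_certs() {
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Staging CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=staging.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  echo 'subjectAltName=DNS:staging.example.test' > "$d/san.ext" &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -extfile "$d/san.ext" -out "$d/leaf.pem" 2>/dev/null
}

cert_report() {  # usage: cert_report cert.pem hostname trust.pem
  cert_is_self_signed "$1" && echo "self-signed: yes" || echo "self-signed: no"
  cert_matches_host "$1" "$2" && echo "matches $2: yes" || echo "matches $2: no"
  cert_trusted_by "$1" "$3" && echo "trusted by $3: yes" || echo "trusted by $3: no"
}

demo=$(mktemp -d) && make_demo_certs "$demo" &&
  cert_report "$demo/leaf.pem" staging.example.test "$demo/ca.pem"
```

To use it on a real deployment, call `cert_report` with the exported server certificate, the exact host name in the web service URL, and a PEM file of the authorities the calling side is meant to trust.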
