This may help out: http://stackoverflow.com/questions/195275/connect-to-self-signed-https-web-services-from-flex
--- In [email protected], "Laurence" <lmacne...@...> wrote: > > Ok. I finally figured out how to create my own security certificate on my > Windows 2003 server, using Certificate Services. I can access my server > using https:// right now -- the browser gives me an error because it's not a > trusted cert, of course, but https:// does work if I ignore the "not trusted" > message... > > So, I'm trying to secure a ColdFusion 8 data-channel on my intranet. I've > edited the services-config.xml file to give me a cf-amf-secure channel, and > I'm directing one of my remote objects to my new "SecureColdFusion" > destination... > > Obviously the CF part appears to be working -- because it IS attempting to > access https://localhost/flex2gateway/cfamfsecure. But every time it does, I > get a cross-domain policy error. If I run the program in Debug mode, I > actually get a "failed to load https://localhost/crossdomain.xml"; error > message immediately before I get the general "security sandbox" error. > > What I think is happening is that Flex is trying to load the crossdomain.xml > file through https:// not http:// and the untrusted security certificate is > preventing the crossdomain.xml file from being loaded. I did add a > 'Security.loadPolicyFile("http://localhost/crossdomain.xml";);' command to my > program, and that didn't change anything. It still gives me the "failed to > load" error. Did I mention I hate security issues? > > Anyway -- I think the trick is to somehow make Flex trust my self-created > cert. If I can do that, then it should be able to load crossdomain.xml from > the https. Can anyone help me get Flex to trust my self-created certificate? > > Thanks, > Laurence MacNeill > Mableton, Georgia, USA >
