Ok... I installed the Cert in IE. It shows up in the Trusted Root Authority
tab in Internet Options.
Now, I'm getting the following error: (I've replaced my actual domain with
{myDomain} in the following example)
Warning: Domain {myDomain} does not specify a meta-policy. Applying default
meta-policy 'master-only'. This configuration is deprecated. See
http://www.adobe.com/go/strict_policy_files to fix this problem.
Error: Request for resource at https://{myDomain}/flex2gateway/cfamfsecure by
requestor from http://{myDomain}/QMS/QMS.swf is denied due to lack of policy
file permissions.
*** Security Sandbox Violation ***
Connection to https://{myDomain}/flex2gateway/cfamfsecure halted - not
permitted from http://{myDomain}/QMS/QMS.swf
So is the lack of a meta-policy now causing my problem? (I did read that
website it links to -- totally didn't understand a thing...) I'm no longer
getting the "error loading policy file" message, so I assume that means it's
loading. And {myDomain} is listed in the policy, so I really don't understand
why this isn't working... It should.
Did I mention I despise security problems?
Thanks for any help you can give me.
L.
--- In [email protected], "valdhor" <valdhorli...@...> wrote:
>
> This may help out:
>
> http://stackoverflow.com/questions/195275/connect-to-self-signed-https-web-services-from-flex
>
> --- In [email protected], "Laurence" <LMacNeill@> wrote:
> >
> > Ok. I finally figured out how to create my own security certificate on my
> > Windows 2003 server, using Certificate Services. I can access my server
> > using https:// right now -- the browser gives me an error because it's not
> > a trusted cert, of course, but https:// does work if I ignore the "not
> > trusted" message...
> >
> > So, I'm trying to secure a ColdFusion 8 data-channel on my intranet. I've
> > edited the services-config.xml file to give me a cf-amf-secure channel, and
> > I'm directing one of my remote objects to my new "SecureColdFusion"
> > destination...
> >
> > Obviously the CF part appears to be working -- because it IS attempting to
> > access https://localhost/flex2gateway/cfamfsecure. But every time it does,
> > I get a cross-domain policy error. If I run the program in Debug mode, I
> > actually get a "failed to load https://localhost/crossdomain.xml"; error
> > message immediately before I get the general "security sandbox" error.
> >
> > What I think is happening is that Flex is trying to load the
> > crossdomain.xml file through https:// not http:// and the untrusted
> > security certificate is preventing the crossdomain.xml file from being
> > loaded. I did add a
> > 'Security.loadPolicyFile("http://localhost/crossdomain.xml";);' command to
> > my program, and that didn't change anything. It still gives me the "failed
> > to load" error. Did I mention I hate security issues?
> >
> > Anyway -- I think the trick is to somehow make Flex trust my self-created
> > cert. If I can do that, then it should be able to load crossdomain.xml
> > from the https. Can anyone help me get Flex to trust my self-created
> > certificate?
> >
> > Thanks,
> > Laurence MacNeill
> > Mableton, Georgia, USA
> >
>
