Ok - I've already posted a reply to this once, but that was an hour ago and it still hasn't showed up in the messages list. So my apologies in advance if this winds up being a double-post.
Anyway -- I followed the intstructions for importing my cert into IE. I can now browse to https://{myDomain} with no cert-errors. But Flex still isn't dealing with it correctly. (Obviously, I've replaced my real domain with {myDomain} in this example.) I get the following error: Warning: Domain {myDomain} does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem. Error: Request for resource at https://{myDomain}/flex2gateway/cfamfsecure by requestor from http://{myDomain}/QMS/QMS.swf is denied due to lack of policy file permissions. *** Security Sandbox Violation *** Connection to https://{myDomain}/flex2gateway/cfamfsecure halted - not permitted from http://{myDomain}/QMS/QMS.swf So I'm no longer getting the "error loading crossdomain.xml" problem that I had before... But now this new error about a meta-policy? I went to the web-site it told me to go to, but I didn't understand a damn thing. Is my lack of a meta-policy the problem here? So someone please give me a clearer understanding of what a meta-policy is, and how to create one? (If that is, indeed, my problem... It's still telling me there's a "lack of policy file permissions" which is completely wrong -- {myDomain} is in there...) Thanks for the help. I truly despise security issues... Ugh... L. --- In [email protected], "valdhor" <valdhorli...@...> wrote: > > This may help out: > > http://stackoverflow.com/questions/195275/connect-to-self-signed-https-web-services-from-flex > > --- In [email protected], "Laurence" <LMacNeill@> wrote: > > > > Ok. I finally figured out how to create my own security certificate on my > > Windows 2003 server, using Certificate Services. I can access my server > > using https:// right now -- the browser gives me an error because it's not > > a trusted cert, of course, but https:// does work if I ignore the "not > > trusted" message... > > > > So, I'm trying to secure a ColdFusion 8 data-channel on my intranet. I've > > edited the services-config.xml file to give me a cf-amf-secure channel, and > > I'm directing one of my remote objects to my new "SecureColdFusion" > > destination... > > > > Obviously the CF part appears to be working -- because it IS attempting to > > access https://localhost/flex2gateway/cfamfsecure. But every time it does, > > I get a cross-domain policy error. If I run the program in Debug mode, I > > actually get a "failed to load https://localhost/crossdomain.xml"; error > > message immediately before I get the general "security sandbox" error. > > > > What I think is happening is that Flex is trying to load the > > crossdomain.xml file through https:// not http:// and the untrusted > > security certificate is preventing the crossdomain.xml file from being > > loaded. I did add a > > 'Security.loadPolicyFile("http://localhost/crossdomain.xml";);' command to > > my program, and that didn't change anything. It still gives me the "failed > > to load" error. Did I mention I hate security issues? > > > > Anyway -- I think the trick is to somehow make Flex trust my self-created > > cert. If I can do that, then it should be able to load crossdomain.xml > > from the https. Can anyone help me get Flex to trust my self-created > > certificate? > > > > Thanks, > > Laurence MacNeill > > Mableton, Georgia, USA > > >
