Invoking Java component that sends SSL Client Key in CF9 Ent
Hi All, I've run into an issue on CF9 Enterprise 64 bit on Windows (7/2003/2008) with using client authentication when invoking a java component. Background: We are attempting to implement 3D Secure (Verified By Visa) on the Barclay's EPDQ system using the Arcot SDK. We have this working using the COM api on windows 32 bit but our shiny new servers running Windows 2008 doesn't support COM. I've attempted to use .NET thinking that it should be a fairly straight swap between the COM and .NET systems but was I wrong. The Java SDK requires you to pass in 3 SSL files. A CA certificate, a client certificate and a client key file. The following code illustrates the call from ColdFusion to the SDK: var serverInfo = createObject(java, com.arcot.xfms.XFMS_Java_API$ServerInfo).init( VARIABLES.clientOptions.host, VARIABLES.clientOptions.port, VARIABLES.clientOptions.transport, 30, 5, 8, 4, VARIABLES.clientOptions.TrustedCACertFile, VARIABLES.clientOptions.ClientCertFile, VARIABLES.clientOptions.ClientKeyFile); This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. Attempted Fixes: 1. I've imported the certificates into every keystore on the server! 2. Created a jks keystore that includes the CA, Client Certificate and Client Key file and passed that in 3. Created a wrapper class in java that then instantiates and calls the SDK - this again works from command line but not from CF 4. Updated the JRE to Java6 R35 and tested both the command line and CF versions, pure java works, CF doesn't 5. Enabled SSL between JRUN and Apache (in dev environment) and still nothing 6. Contacted Barclays and Arcot and the official position is they neither officially support 64 bit Windows (which is INSANE!) or ColdFusion and can't really offer much advice. They suggested that it could be a problem with access the SDK from Coldfusion but I've moved the SDK to the same directory as the web root and still nothing. Has anyone had any experience with this? Any thoughts, suggestions, criticisms? I can provide more code if necessary. Thanks very much. Best Regards, Donnie Bachan Nitendo Vinces - By Striving You Shall Conquer == The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352799 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Unsure if its an option be we use 3d secure with cardinal commerce who support ColdFusion and 64 bit. Paul On 02/10/2012, at 8:26 PM, Donnie Bachan (Gmail) donnie.bac...@gmail.com wrote: Hi All, I've run into an issue on CF9 Enterprise 64 bit on Windows (7/2003/2008) with using client authentication when invoking a java component. Background: We are attempting to implement 3D Secure (Verified By Visa) on the Barclay's EPDQ system using the Arcot SDK. We have this working using the COM api on windows 32 bit but our shiny new servers running Windows 2008 doesn't support COM. I've attempted to use .NET thinking that it should be a fairly straight swap between the COM and .NET systems but was I wrong. The Java SDK requires you to pass in 3 SSL files. A CA certificate, a client certificate and a client key file. The following code illustrates the call from ColdFusion to the SDK: var serverInfo = createObject(java, com.arcot.xfms.XFMS_Java_API$ServerInfo).init( VARIABLES.clientOptions.host, VARIABLES.clientOptions.port, VARIABLES.clientOptions.transport, 30, 5, 8, 4, VARIABLES.clientOptions.TrustedCACertFile, VARIABLES.clientOptions.ClientCertFile, VARIABLES.clientOptions.ClientKeyFile); This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. Attempted Fixes: 1. I've imported the certificates into every keystore on the server! 2. Created a jks keystore that includes the CA, Client Certificate and Client Key file and passed that in 3. Created a wrapper class in java that then instantiates and calls the SDK - this again works from command line but not from CF 4. Updated the JRE to Java6 R35 and tested both the command line and CF versions, pure java works, CF doesn't 5. Enabled SSL between JRUN and Apache (in dev environment) and still nothing 6. Contacted Barclays and Arcot and the official position is they neither officially support 64 bit Windows (which is INSANE!) or ColdFusion and can't really offer much advice. They suggested that it could be a problem with access the SDK from Coldfusion but I've moved the SDK to the same directory as the web root and still nothing. Has anyone had any experience with this? Any thoughts, suggestions, criticisms? I can provide more code if necessary. Thanks very much. Best Regards, Donnie Bachan Nitendo Vinces - By Striving You Shall Conquer == The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352800 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Hi Paul, Thanks for this, it's odd we use Cardinal when we call Paypal Pro (we use them as a back up processor if Barclays ever goes down) and that works fine on 64 bit. What's even more odd is the fact that they all use Arcot at the core because Arcot developed the system. Best Regards Donnie Bachan Nitendo Vinces - By Striving You Shall Conquer == The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. On Tue, Oct 2, 2012 at 11:29 AM, Paul Kukiel pkuk...@gmail.com wrote: Unsure if its an option be we use 3d secure with cardinal commerce who support ColdFusion and 64 bit. Paul On 02/10/2012, at 8:26 PM, Donnie Bachan (Gmail) donnie.bac...@gmail.com wrote: Hi All, I've run into an issue on CF9 Enterprise 64 bit on Windows (7/2003/2008) with using client authentication when invoking a java component. Background: We are attempting to implement 3D Secure (Verified By Visa) on the Barclay's EPDQ system using the Arcot SDK. We have this working using the COM api on windows 32 bit but our shiny new servers running Windows 2008 doesn't support COM. I've attempted to use .NET thinking that it should be a fairly straight swap between the COM and .NET systems but was I wrong. The Java SDK requires you to pass in 3 SSL files. A CA certificate, a client certificate and a client key file. The following code illustrates the call from ColdFusion to the SDK: var serverInfo = createObject(java, com.arcot.xfms.XFMS_Java_API$ServerInfo).init( VARIABLES.clientOptions.host, VARIABLES.clientOptions.port, VARIABLES.clientOptions.transport, 30, 5, 8, 4, VARIABLES.clientOptions.TrustedCACertFile, VARIABLES.clientOptions.ClientCertFile, VARIABLES.clientOptions.ClientKeyFile); This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. Attempted Fixes: 1. I've imported the certificates into every keystore on the server! 2. Created a jks keystore that includes the CA, Client Certificate and Client Key file and passed that in 3. Created a wrapper class in java that then instantiates and calls the SDK - this again works from command line but not from CF 4. Updated the JRE to Java6 R35 and tested both the command line and CF versions, pure java works, CF doesn't 5. Enabled SSL between JRUN and Apache (in dev environment) and still nothing 6. Contacted Barclays and Arcot and the official position is they neither officially support 64 bit Windows (which is INSANE!) or ColdFusion and can't really offer much advice. They suggested that it could be a problem with access the SDK from Coldfusion but I've moved the SDK to the same directory as the web root and still nothing. Has anyone had any experience with this? Any thoughts, suggestions, criticisms? I can provide more code if necessary. Thanks very much. Best Regards, Donnie Bachan Nitendo Vinces - By Striving You Shall Conquer == The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352803 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Hi Paul, Thanks for this, it's odd we use Cardinal when we call Paypal Pro (we use them as a back up processor if Barclays ever goes down) and that works fine on 64 bit. What's even more odd is the fact that they all use Arcot at the core because Arcot developed the system. Best Regards On Tue, Oct 2, 2012 at 11:29 AM, Paul Kukiel pkuk...@gmail.com wrote: Unsure if its an option be we use 3d secure with cardinal commerce who support ColdFusion and 64 bit. Paul ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352805 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
The following code illustrates the call from ColdFusion to the SDK: var serverInfo = createObject(java, com.arcot.xfms.XFMS_Java_API$ServerInfo).init( VARIABLES.clientOptions.host, VARIABLES.clientOptions.port, VARIABLES.clientOptions.transport, 30, 5, 8, 4, VARIABLES.clientOptions.TrustedCACertFile, VARIABLES.clientOptions.ClientCertFile, VARIABLES.clientOptions.ClientKeyFile); This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. How are you providing the key file to the Java class from within CF? Are you just reading it via CFFILE? I suspect that's the problem, although I don't know what the solution would be exactly. When you execute the Java class from the command line, how are you providing the file in that case? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352809 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Thanks Dave, You just pass the location of the key file as a string so I'm just passing in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using Wireshark as well to look at the packets being sent. From Java the request is fine, from CF the remote URL never gets called at all so it's not even getting to the bit where it makes the request. What I don't understand is why it's throwing the same error when I use a wrapper java class that then invokes the SDK. Even if I hard code the paths to the files in the java wrapper class and all CF does is call the wrapper class I get the same error. I'm thinking it may be some sort of permission issue why it can't read the key file but I can't figure out what to change. CF and Java and Apache all have full permissions on the directories. Donnie Bachan This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. How are you providing the key file to the Java class from within CF? Are you just reading it via CFFILE? I suspect that's the problem, although I don't know what the solution would be exactly. When you execute the Java class from the command line, how are you providing the file in that case? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352810 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also can you post the full stack trace for the error you are getting in CF? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Tue, Oct 2, 2012 at 11:01 AM, Donnie Bachan (Gmail) donnie.bac...@gmail.com wrote: Thanks Dave, You just pass the location of the key file as a string so I'm just passing in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using Wireshark as well to look at the packets being sent. From Java the request is fine, from CF the remote URL never gets called at all so it's not even getting to the bit where it makes the request. What I don't understand is why it's throwing the same error when I use a wrapper java class that then invokes the SDK. Even if I hard code the paths to the files in the java wrapper class and all CF does is call the wrapper class I get the same error. I'm thinking it may be some sort of permission issue why it can't read the key file but I can't figure out what to change. CF and Java and Apache all have full permissions on the directories. Donnie Bachan This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. How are you providing the key file to the Java class from within CF? Are you just reading it via CFFILE? I suspect that's the problem, although I don't know what the solution would be exactly. When you execute the Java class from the command line, how are you providing the file in that case? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352811 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Dont forget that you are using jrun which also allows you to use jsp as well, perhaps you could try doing this from jsp and see if that works, which may save you some head banging as cfm and jsp can happily work together. Regards Russ Michaels On Oct 2, 2012 6:32 PM, Pete Freitag p...@foundeo.com wrote: My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also can you post the full stack trace for the error you are getting in CF? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Tue, Oct 2, 2012 at 11:01 AM, Donnie Bachan (Gmail) donnie.bac...@gmail.com wrote: Thanks Dave, You just pass the location of the key file as a string so I'm just passing in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using Wireshark as well to look at the packets being sent. From Java the request is fine, from CF the remote URL never gets called at all so it's not even getting to the bit where it makes the request. What I don't understand is why it's throwing the same error when I use a wrapper java class that then invokes the SDK. Even if I hard code the paths to the files in the java wrapper class and all CF does is call the wrapper class I get the same error. I'm thinking it may be some sort of permission issue why it can't read the key file but I can't figure out what to change. CF and Java and Apache all have full permissions on the directories. Donnie Bachan This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. How are you providing the key file to the Java class from within CF? Are you just reading it via CFFILE? I suspect that's the problem, although I don't know what the solution would be exactly. When you execute the Java class from the command line, how are you providing the file in that case? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352813 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Donnie Bachan Nitendo Vinces - By Striving You Shall Conquer == The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Pete, Thanks very much. I think your note about RSA BSafe may be the issue since the symptoms seem to be pointing to something that CF can't handle. I can test this tomorrow. I'll post the stack trace when I'm back at work. Best Regards, Donnie On Tue, Oct 2, 2012 at 6:32 PM, Pete Freitag p...@foundeo.com wrote: My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also can you post the full stack trace for the error you are getting in CF? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352814 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Thanks Russ, I've not played with JSP in years, will give it a shot. I'm willing to even try Pascal at this point! On Tue, Oct 2, 2012 at 8:37 PM, Russ Michaels r...@michaels.me.uk wrote: Dont forget that you are using jrun which also allows you to use jsp as well, perhaps you could try doing this from jsp and see if that works, which may save you some head banging as cfm and jsp can happily work together. Regards Russ Michaels On Oct 2, 2012 6:32 PM, Pete Freitag p...@foundeo.com wrote: My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also can you post the full stack trace for the error you are getting in CF? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Tue, Oct 2, 2012 at 11:01 AM, Donnie Bachan (Gmail) donnie.bac...@gmail.com wrote: Thanks Dave, You just pass the location of the key file as a string so I'm just passing in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using Wireshark as well to look at the packets being sent. From Java the request is fine, from CF the remote URL never gets called at all so it's not even getting to the bit where it makes the request. What I don't understand is why it's throwing the same error when I use a wrapper java class that then invokes the SDK. Even if I hard code the paths to the files in the java wrapper class and all CF does is call the wrapper class I get the same error. I'm thinking it may be some sort of permission issue why it can't read the key file but I can't figure out what to change. CF and Java and Apache all have full permissions on the directories. Donnie Bachan This returns an error: Cannot get key bytes, not PKCS#8 encoded. If, however, I wrap this in a java class and execute from command line it works just fine. It just refuses to work when called from ColdFusion. How are you providing the key file to the Java class from within CF? Are you just reading it via CFFILE? I suspect that's the problem, although I don't know what the solution would be exactly. When you execute the Java class from the command line, how are you providing the file in that case? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352815 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
You just pass the location of the key file as a string so I'm just passing in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using Wireshark as well to look at the packets being sent. From Java the request is fine, from CF the remote URL never gets called at all so it's not even getting to the bit where it makes the request. What I don't understand is why it's throwing the same error when I use a wrapper java class that then invokes the SDK. Even if I hard code the paths to the files in the java wrapper class and all CF does is call the wrapper class I get the same error. I'm thinking it may be some sort of permission issue why it can't read the key file but I can't figure out what to change. CF and Java and Apache all have full permissions on the directories. Is CF running with a specific user account? If so, what happens if you log into the console with that account and try to run the same Java class? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352822 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also, you can temporarily disable BSafe, I think, as described by Jason Dean here: http://forums.adobe.com/message/3895416 Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352823 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Invoking Java component that sends SSL Client Key in CF9 Ent
Pete and Dave, I owe both of you a beverage (or ten!) next time I'm in the US or you are in the UK! It was the BSafe library. I used the code from the forum post to disable the library and my requests worked. I will have to look into the compliance issue with disabling the library when making the calls but at least I know where the problem lies! Thanks again! Donnie On Tue, Oct 2, 2012 at 11:48 PM, Dave Watts dwa...@figleaf.com wrote: My Guess is that this has something to do with the RSA BSafe crypto-j security provider that CF Enterprise ships with. This API was upgraded in CF10, so you could try that as an option. When you run Java from the command line, you are not using Crypto-J, when you run java within CF you are. Another thing to try would be CF Standard since CF standard uses the default Java security provider. You might also be able to have CF9 Ent run with the default security provider via some JVM options. Also, you can temporarily disable BSafe, I think, as described by Jason Dean here: http://forums.adobe.com/message/3895416 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm