Re: Keystore SSL Validation Nightmare
Thanks again Mark, Well the certificates are appearing if I request the aliases through keytools -list. Is there any way of checking that I've installed them correctly or is it a case of, if they appear in the security/cacert that's them installed? Cheers, James James, Yes, I would agree with you - it looks like you are able to resolve all-right. Have you managed to get the cert into your keystore correctly? Also, there is an issue with JVM versions... I wrote a blurb on it. http://www.coldfusionmuse.com/index.cfm/2006/11/2/keystore.JVM.Workaraound I don't know if that's your issue though -mark ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263506 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Keystore SSL Validation Nightmare
Morning everyone, I've been trying my hardest to get CFMX 7.0 to grab a WDDX via CFHTTP. The code is part of a migration I'm doing from CF 5.0. I've isolated the problem down to something being wrong with the cacert validation on the Jrun side of things but even following entries like this one I found @ talkingtree... http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool I can't get this to work. The dumped message I'm being returned is this: Charset: [empty string] ErrorDetail: I/O Exception: peer not authenticated Filecontent: Connection Failure Header: [undefined struct element] Mimetype: Unable to determine MIME type of file. Responseheader: struct [empty] Statuscode: Connection Failure. Status code unavailable. Text: YES - And the on-page error is: WDDX packet parse error at line 1, column 1. Content is not allowed in prolog.. The error occurred in C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 141 Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 129 Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 1 139 : cfdump var=#cfhttp# 140 : 141 : cfwddx action=WDDX2CFML input=#cfhttp.fileContent# output=ldapauth - I've done the following tests: - Checked that the certificates have been imported into the cacerts. Both are there. - Checked that the SSL is installed correctly in IIS by accessing the WDDX through a standard HTML form. That returned the results fine so it's nothing on that side. - Off the back of talkingtree - I've also bought a new certificate so that the name on it (wwwtest.company.com) is the same as the address I'm using for testing. Does anybody have anymore suggestions in how I go about debugging and fixing this? Thanks in advance, James ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263254 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Keystore SSL Validation Nightmare
I assume you have verified that the domain is resolvable from the server? Is the server able to resolve the domain into the correct IP address? The error below makes me think you have a resolution issue. If that same server has a non ssl page on it.. .try a cfhttp call to it and see what you get. -mark -Original Message- From: James Buckingham [mailto:[EMAIL PROTECTED] Sent: Friday, December 08, 2006 2:27 AM To: CF-Talk Subject: Keystore SSL Validation Nightmare Morning everyone, I've been trying my hardest to get CFMX 7.0 to grab a WDDX via CFHTTP. The code is part of a migration I'm doing from CF 5.0. I've isolated the problem down to something being wrong with the cacert validation on the Jrun side of things but even following entries like this one I found @ talkingtree... http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool .I can't get this to work. The dumped message I'm being returned is this: Charset: [empty string] ErrorDetail: I/O Exception: peer not authenticated Filecontent: Connection Failure Header: [undefined struct element] Mimetype: Unable to determine MIME type of file. Responseheader: struct [empty] Statuscode: Connection Failure. Status code unavailable. Text: YES - And the on-page error is: WDDX packet parse error at line 1, column 1. Content is not allowed in prolog.. The error occurred in C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.c fm: line 141 Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.c fm: line 129 Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.c fm: line 1 139 : cfdump var=#cfhttp# 140 : 141 : cfwddx action=WDDX2CFML input=#cfhttp.fileContent# output=ldapauth - I've done the following tests: - Checked that the certificates have been imported into the cacerts. Both are there. - Checked that the SSL is installed correctly in IIS by accessing the WDDX through a standard HTML form. That returned the results fine so it's nothing on that side. - Off the back of talkingtree - I've also bought a new certificate so that the name on it (wwwtest.company.com) is the same as the address I'm using for testing. Does anybody have anymore suggestions in how I go about debugging and fixing this? Thanks in advance, James ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263257 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Keystore SSL Validation Nightmare
I assume you have verified that the domain is resolvable from the server? Is
the server able to resolve the domain into the correct IP address? The
error below makes me think you have a resolution issue. If that same server
has a non ssl page on it.. .try a cfhttp call to it and see what you get.
Thanks for the fast reply Mark. If I setup a test page and put in the following
code to access the same file but through a non-ssl connection
cfset username = test /
cfset password = mypassword /
cfhttp url=http://wwwtest.mycompany.com/wddx_auth.cfm; method=POST
resolveurl=false
cfhttpparam type=FORMFIELD name=username value=#Username# /
cfhttpparam type=FORMFIELD name=password value=#Password# /
/cfhttp
cfdump var=#cfhttp# /
--
I would expect that to fail (the username and password are wrong) but it
return a false. Dumping the results I do get result of..
Charset UTF-8
ErrorDetail [empty string]
Filecontent style table.cfdump_wddx, table.cfdump_xml, table.cfdump_struct,
table.cfdump_array, table.cfdump_query, table.cfdump_cfc, table.cfdump_object,
table.cfdump_binary, table.cfdump_udf, table.cfdump_udfbody,
table.cfdump_udfarguments { font-size: xx-small; font-family: verdana, arial,
helvetica, sans-serif; cell-spacing: 2px; } table.cfdump_wddx th,
table.cfdump_xml th, table.cfdump_struct th, table.cfdump_array th,
table.cfdump_query th, table.cfdump_cfc th, table.cfdump_object th,
table.cfdump_binary th, table.cfdump_udf th, table.cfdump_udfbody th,
table.cfdump_udfarguments th { text-align: left; color: white; padding: 5px; }
etc. etc.
Header: HTTP/1.1: 200 OK Content-Type: text/html; charset=UTF-8 Set-Cookie:
CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/ Set-Cookie:
CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/ Connection: close
Date: Fri, 08 Dec 2006 10:23:42 GMT Server: Microsoft-IIS/6.0
Mimetype: text/html
Responseheader: struct
Connection close:
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Dec 2006 10:23:42 GMT
Explanation: OK
Http_Version: HTTP/1.1
Server: Microsoft-IIS/6.0
Set-Cookie: struct
1 CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
2 CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
Status_Code: 200
Statuscode: 200 OK
Text: YES
-
.the result is a false so it definatly looks like an SSL problem!
~|
Create robust enterprise, web RIAs.
Upgrade integrate Adobe Coldfusion MX7 with Flex 2
http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263258
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Keystore SSL Validation Nightmare
James,
Yes, I would agree with you - it looks like you are able to resolve
all-right.
Have you managed to get the cert into your keystore correctly? Also, there
is an issue with JVM versions... I wrote a blurb on it.
http://www.coldfusionmuse.com/index.cfm/2006/11/2/keystore.JVM.Workaraound
I don't know if that's your issue though
-mark
-Original Message-
From: James Buckingham [mailto:[EMAIL PROTECTED]
Sent: Friday, December 08, 2006 3:22 AM
To: CF-Talk
Subject: Re: Keystore SSL Validation Nightmare
I assume you have verified that the domain is resolvable from the
server? Is the server able to resolve the domain into the correct IP
address? The error below makes me think you have a resolution issue.
If that same server has a non ssl page on it.. .try a cfhttp call to it
and see what you get.
Thanks for the fast reply Mark. If I setup a test page and put in the
following code to access the same file but through a non-ssl connection
cfset username = test /
cfset password = mypassword /
cfhttp url=http://wwwtest.mycompany.com/wddx_auth.cfm; method=POST
resolveurl=false
cfhttpparam type=FORMFIELD name=username value=#Username# /
cfhttpparam type=FORMFIELD name=password value=#Password# /
/cfhttp
cfdump var=#cfhttp# /
--
.I would expect that to fail (the username and password are wrong) but it
return a false. Dumping the results I do get result of..
Charset UTF-8
ErrorDetail [empty string]
Filecontent style table.cfdump_wddx, table.cfdump_xml,
table.cfdump_struct, table.cfdump_array, table.cfdump_query,
table.cfdump_cfc, table.cfdump_object, table.cfdump_binary,
table.cfdump_udf, table.cfdump_udfbody, table.cfdump_udfarguments {
font-size: xx-small; font-family: verdana, arial, helvetica, sans-serif;
cell-spacing: 2px; } table.cfdump_wddx th, table.cfdump_xml th,
table.cfdump_struct th, table.cfdump_array th, table.cfdump_query th,
table.cfdump_cfc th, table.cfdump_object th, table.cfdump_binary th,
table.cfdump_udf th, table.cfdump_udfbody th, table.cfdump_udfarguments th {
text-align: left; color: white; padding: 5px; } etc. etc.
Header: HTTP/1.1: 200 OK Content-Type: text/html; charset=UTF-8 Set-Cookie:
CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/ Set-Cookie:
CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/ Connection:
close
Date: Fri, 08 Dec 2006 10:23:42 GMT Server: Microsoft-IIS/6.0
Mimetype: text/html
Responseheader: struct
Connection close:
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Dec 2006 10:23:42 GMT
Explanation: OK
Http_Version: HTTP/1.1
Server: Microsoft-IIS/6.0
Set-Cookie: struct
1 CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
2 CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
Status_Code: 200
Statuscode: 200 OK
Text: YES
-
..the result is a false so it definatly looks like an SSL problem!
~|
Create robust enterprise, web RIAs.
Upgrade integrate Adobe Coldfusion MX7 with Flex 2
http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263276
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
