Re: Keystore SSL Validation Nightmare
Thanks again Mark,

Well the certificates are appearing if I request the aliases through keytool -list. Is there any way of checking that I've installed them correctly or is it a case of, if they appear in the security/cacert that's them installed?

Cheers,
James

> James,
>
> Yes, I would agree with you - it looks like you are able to resolve all right. Have you managed to get the cert into your keystore correctly?
>
> Also, there is an issue with JVM versions... I wrote a blurb on it.
>
> http://www.coldfusionmuse.com/index.cfm/2006/11/2/keystore.JVM.Workaraound
>
> I don't know if that's your issue though
>
> -mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263506
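One way to check the install from the JVM's side, as an added example that is not part of the original thread: it prints which trust store the running JVM reads by default and, if a host is given, attempts a handshake so the server's chain is validated against that store. The class name TrustCheck is hypothetical, and the code avoids newer Java syntax so it also compiles on older JDKs.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example. Usage: <JRE that runs the app server>/bin/java TrustCheck [host [port]]
public class TrustCheck {
    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then
    // lib/security/jssecacerts if it exists, then lib/security/cacerts.
    static String defaultTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return override;
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return (jsse.exists() ? jsse : new File(dir, "cacerts")).getPath();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + defaultTrustStore());

        // Load the trust anchors the same way a default HTTPS client in this JVM does.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("trusted CAs : " + tm.getAcceptedIssuers().length);

        if (args.length == 0) return;           // no host given: report the store only
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(args[0], port);
        try {
            s.startHandshake();                 // chain validation happens here
            Certificate[] chain = s.getSession().getPeerCertificates();
            for (int i = 0; i < chain.length; i++) {
                X509Certificate x = (X509Certificate) chain[i];
                System.out.println("chain[" + i + "] " + x.getSubjectX500Principal()
                        + " | issuer " + x.getIssuerX500Principal());
            }
            // Chain trust only: a raw SSLSocket does not compare the host name.
            System.out.println("OK: chain validates against this trust store");
        } catch (SSLException e) {
            System.out.println("FAILED: " + e); // e.g. no trusted path to a root
        } finally {
            s.close();
        }
    }
}
```

If the trust store path printed here is not the file the certificates were imported into, the aliases will show up in `keytool -list` against one file while the server's JVM validates against another.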
Keystore SSL Validation Nightmare
Morning everyone,

I've been trying my hardest to get CFMX 7.0 to grab a WDDX via CFHTTP. The code is part of a migration I'm doing from CF 5.0.

I've isolated the problem down to something being wrong with the cacert validation on the Jrun side of things but even following entries like this one I found @ talkingtree...

http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool

I can't get this to work.

The dumped message I'm being returned is this:

    Charset: [empty string]
    ErrorDetail: I/O Exception: peer not authenticated
    Filecontent: Connection Failure
    Header: [undefined struct element]
    Mimetype: Unable to determine MIME type of file.
    Responseheader: struct [empty]
    Statuscode: Connection Failure. Status code unavailable.
    Text: YES

And the on-page error is:

    WDDX packet parse error at line 1, column 1. Content is not allowed in prolog..

    The error occurred in C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 141
    Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 129
    Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 1

    139 : <cfdump var="#cfhttp#">
    140 :
    141 : <cfwddx action="WDDX2CFML" input="#cfhttp.fileContent#" output="ldapauth">

I've done the following tests:

- Checked that the certificates have been imported into the cacerts. Both are there.
- Checked that the SSL is installed correctly in IIS by accessing the WDDX through a standard HTML form. That returned the results fine so it's nothing on that side.
- Off the back of talkingtree - I've also bought a new certificate so that the name on it (wwwtest.company.com) is the same as the address I'm using for testing.

Does anybody have any more suggestions in how I go about debugging and fixing this?

Thanks in advance,
James

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263254
RE: Keystore SSL Validation Nightmare
I assume you have verified that the domain is resolvable from the server? Is the server able to resolve the domain into the correct IP address? The error below makes me think you have a resolution issue. If that same server has a non ssl page on it... try a cfhttp call to it and see what you get.

-mark

-----Original Message-----
From: James Buckingham [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2006 2:27 AM
To: CF-Talk
Subject: Keystore SSL Validation Nightmare

Morning everyone,

I've been trying my hardest to get CFMX 7.0 to grab a WDDX via CFHTTP. The code is part of a migration I'm doing from CF 5.0.

I've isolated the problem down to something being wrong with the cacert validation on the Jrun side of things but even following entries like this one I found @ talkingtree...

http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool

...I can't get this to work.

The dumped message I'm being returned is this:

    Charset: [empty string]
    ErrorDetail: I/O Exception: peer not authenticated
    Filecontent: Connection Failure
    Header: [undefined struct element]
    Mimetype: Unable to determine MIME type of file.
    Responseheader: struct [empty]
    Statuscode: Connection Failure. Status code unavailable.
    Text: YES

And the on-page error is:

    WDDX packet parse error at line 1, column 1. Content is not allowed in prolog..

    The error occurred in C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 141
    Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 129
    Called from C:\JRun4\servers\Apps1.0\cfusion.ear\cfusion.war\interact\login\logincheck.cfm: line 1

    139 : <cfdump var="#cfhttp#">
    140 :
    141 : <cfwddx action="WDDX2CFML" input="#cfhttp.fileContent#" output="ldapauth">

I've done the following tests:

- Checked that the certificates have been imported into the cacerts. Both are there.
- Checked that the SSL is installed correctly in IIS by accessing the WDDX through a standard HTML form. That returned the results fine so it's nothing on that side.
- Off the back of talkingtree - I've also bought a new certificate so that the name on it (wwwtest.company.com) is the same as the address I'm using for testing.

Does anybody have any more suggestions in how I go about debugging and fixing this?

Thanks in advance,
James

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263257
Re: Keystore SSL Validation Nightmare
> I assume you have verified that the domain is resolvable from the server? Is the server able to resolve the domain into the correct IP address? The error below makes me think you have a resolution issue. If that same server has a non ssl page on it... try a cfhttp call to it and see what you get.

Thanks for the fast reply Mark.

If I set up a test page and put in the following code to access the same file but through a non-ssl connection

    <cfset username = "test" />
    <cfset password = "mypassword" />
    <cfhttp url="http://wwwtest.mycompany.com/wddx_auth.cfm" method="POST" resolveurl="false">
        <cfhttpparam type="FORMFIELD" name="username" value="#Username#" />
        <cfhttpparam type="FORMFIELD" name="password" value="#Password#" />
    </cfhttp>
    <cfdump var="#cfhttp#" />

I would expect that to fail (the username and password are wrong) but it returns a false. Dumping the results I do get a result of..

    Charset UTF-8
    ErrorDetail [empty string]
    Filecontent <style>
        table.cfdump_wddx, table.cfdump_xml, table.cfdump_struct, table.cfdump_array,
        table.cfdump_query, table.cfdump_cfc, table.cfdump_object, table.cfdump_binary,
        table.cfdump_udf, table.cfdump_udfbody, table.cfdump_udfarguments
        { font-size: xx-small; font-family: verdana, arial, helvetica, sans-serif; cell-spacing: 2px; }
        table.cfdump_wddx th, table.cfdump_xml th, table.cfdump_struct th, table.cfdump_array th,
        table.cfdump_query th, table.cfdump_cfc th, table.cfdump_object th, table.cfdump_binary th,
        table.cfdump_udf th, table.cfdump_udfbody th, table.cfdump_udfarguments th
        { text-align: left; color: white; padding: 5px; }
        etc. etc.
    Header: HTTP/1.1: 200 OK
        Content-Type: text/html; charset=UTF-8
        Set-Cookie: CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Set-Cookie: CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Connection: close
        Date: Fri, 08 Dec 2006 10:23:42 GMT
        Server: Microsoft-IIS/6.0
    Mimetype: text/html
    Responseheader: struct
        Connection: close
        Content-Type: text/html; charset=UTF-8
        Date: Fri, 08 Dec 2006 10:23:42 GMT
        Explanation: OK
        Http_Version: HTTP/1.1
        Server: Microsoft-IIS/6.0
        Set-Cookie: struct
            1 CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
            2 CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Status_Code: 200
    Statuscode: 200 OK
    Text: YES

...the result is a false so it definitely looks like an SSL problem!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263258
RE: Keystore SSL Validation Nightmare
James,

Yes, I would agree with you - it looks like you are able to resolve all right. Have you managed to get the cert into your keystore correctly?

Also, there is an issue with JVM versions... I wrote a blurb on it.

http://www.coldfusionmuse.com/index.cfm/2006/11/2/keystore.JVM.Workaraound

I don't know if that's your issue though

-mark

-----Original Message-----
From: James Buckingham [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2006 3:22 AM
To: CF-Talk
Subject: Re: Keystore SSL Validation Nightmare

> I assume you have verified that the domain is resolvable from the server? Is the server able to resolve the domain into the correct IP address? The error below makes me think you have a resolution issue. If that same server has a non ssl page on it... try a cfhttp call to it and see what you get.

Thanks for the fast reply Mark.

If I set up a test page and put in the following code to access the same file but through a non-ssl connection

    <cfset username = "test" />
    <cfset password = "mypassword" />
    <cfhttp url="http://wwwtest.mycompany.com/wddx_auth.cfm" method="POST" resolveurl="false">
        <cfhttpparam type="FORMFIELD" name="username" value="#Username#" />
        <cfhttpparam type="FORMFIELD" name="password" value="#Password#" />
    </cfhttp>
    <cfdump var="#cfhttp#" />

I would expect that to fail (the username and password are wrong) but it returns a false. Dumping the results I do get a result of..

    Charset UTF-8
    ErrorDetail [empty string]
    Filecontent <style>
        table.cfdump_wddx, table.cfdump_xml, table.cfdump_struct, table.cfdump_array,
        table.cfdump_query, table.cfdump_cfc, table.cfdump_object, table.cfdump_binary,
        table.cfdump_udf, table.cfdump_udfbody, table.cfdump_udfarguments
        { font-size: xx-small; font-family: verdana, arial, helvetica, sans-serif; cell-spacing: 2px; }
        table.cfdump_wddx th, table.cfdump_xml th, table.cfdump_struct th, table.cfdump_array th,
        table.cfdump_query th, table.cfdump_cfc th, table.cfdump_object th, table.cfdump_binary th,
        table.cfdump_udf th, table.cfdump_udfbody th, table.cfdump_udfarguments th
        { text-align: left; color: white; padding: 5px; }
        etc. etc.
    Header: HTTP/1.1: 200 OK
        Content-Type: text/html; charset=UTF-8
        Set-Cookie: CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Set-Cookie: CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Connection: close
        Date: Fri, 08 Dec 2006 10:23:42 GMT
        Server: Microsoft-IIS/6.0
    Mimetype: text/html
    Responseheader: struct
        Connection: close
        Content-Type: text/html; charset=UTF-8
        Date: Fri, 08 Dec 2006 10:23:42 GMT
        Explanation: OK
        Http_Version: HTTP/1.1
        Server: Microsoft-IIS/6.0
        Set-Cookie: struct
            1 CFID=803;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
            2 CFTOKEN=28172353;expires=Sun, 30-Nov-2036 10:23:42 GMT;path=/
        Status_Code: 200
    Statuscode: 200 OK
    Text: YES

...the result is a false so it definitely looks like an SSL problem!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263276