Re: CFHTTP Connection Failure on SSL
> We recently had an API call using a CFHTTP start giving a Connection Failure message. In talking with the other company I found out they updated their security certificate. All the comments I have seen in this list and on blogs etc. pertaining to this issue seem to relate to ColdFusion MX. Does this problem still exist in CF 9 Ent? If so does anybody have any updated tutorial on how to fix this? Thanks in advance for your help.

The problem still exists, and will probably exist for the foreseeable future. The solution is really still the same as with older versions, so those tutorials should still apply.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347236
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CFHTTP Connection Failure on SSL
Thanks for the reply. I am trying the tutorial found here. Short and simple.
http://naveenchhabra.wordpress.com/2010/10/18/trusting-certificate-in-coldfusion-using-keytool-utility/

However it asks me for the cert password. Is this something I need to get from the owner of the cert or am I just typing in the wrong set of params? On some of the other tutorials that are similar I see no reference to needing a password.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347239
Re: CFHTTP Connection Failure on SSL
> However it asks me for the cert password. Is this something I need to get from the owner of the cert or am I just typing in the wrong set of params? On some of the other tutorials that are similar I see no reference to needing a password.

Do you mean the keystore password? The default password for the Java keystore is changeit. The certificate itself should have no password.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347240
RE: CFHTTP Connection Failure on SSL
Ok that gave me the Certificate was added to the keystore message but after I restart ColdFusion and I attempt to CFHTTP to the URL I still get a connection failure message. Not sure what to even try next :(

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347241
Re: CFHTTP Connection Failure on SSL
> Ok that gave me the Certificate was added to the keystore message but after I restart ColdFusion and I attempt to CFHTTP to the URL I still get a connection failure message. Not sure what to even try next :(

There can be all kinds of things that go wrong with certificates. Does the site use just a root certificate, or do they also have an intermediate certificate? You'll have to import the entire certificate chain if the latter is the case.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347243
RE: CFHTTP Connection Failure on SSL
Ok my next question would be how do I get the entire chain? Do I have to get it directly from them? So far I have just saved the Certificate from the browser. I was assuming this saved all of them but perhaps it only saves the root one?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347244
Re: CFHTTP Connection Failure on SSL
> Ok my next question would be how do I get the entire chain? Do I have to get it directly from them? So far I have just saved the Certificate from the browser. I was assuming this saved all of them but perhaps it only saves the root one?

Your browser will have a screen where it shows you all the certificates within the chain. You can select each and save it in turn.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347246
RE: CFHTTP Connection Failure on SSL
Ok did that and the cfhttp worked one time. Now it tells me Connection Failure again. Any ideas? Seems like it should either work or it shouldn't.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347247
Re: CFHTTP Connection Failure on SSL
> Ok did that and the cfhttp worked one time. Now it tells me Connection Failure again. Any ideas? Seems like it should either work or it shouldn't.

I don't really have any other ideas about what could cause the problem. If you stop and restart CF, does it work one time again? What JVM are you using? Can you try upgrading to the latest supported JVM, adding the certificates to the new keystore and trying again?

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347248
RE: CFHTTP Connection Failure on SSL
Nope I tried a restart of the service and it still says connection failure. Says I am using JVM 1.6.0_14. What is the latest supported JVM? Seems like it should work all the time or none at all. Seems odd that it works intermittently. I appreciate all your help.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347252
Re: CFHTTP Connection Failure on SSL
> Nope I tried a restart of the service and it still says connection failure. Says I am using JVM 1.6.0_14. What is the latest supported JVM?

This is the latest 1.6 JVM:
http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u27-download-440405.html

I don't know if it's supported, I'd have to check the Adobe site, but usually the latest update to the currently-supported major version works fine.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347254
Re: CFHTTP Connection Failure on SSL
On Tue, Sep 6, 2011 at 3:27 PM, webmas...@pegweb.com wrote:

> Nope I tried a restart of the service and it still says connection failure. Says I am using JVM 1.6.0_14. What is the latest supported JVM?

The latest *supported* JVM for CF 8 and CF 9 is 1.6.0_24 (see http://kb2.adobe.com/cps/894/cpsid_89440.html). Note that more current versions typically work just fine, but are not officially supported by Adobe.

--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347255
RE: CFHTTP Connection Failure on SSL
Does an updated KeyStore come with an updated JVM?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347256
RE: CFHTTP Connection Failure on SSL
Yeah I'm not sure what to do next. After a reboot it works fine for about 5 min or so then goes back to Connection Failure. Makes no sense. :(

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347260
Re: CFHTTP Connection Failure on SSL
> Does an updated KeyStore come with an updated JVM?

Each JVM has its own keystore. So, if you switch to a newer JVM, you'll have to reimport certificates into that JVM keystore if you want them.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347261
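
Added example, not part of the thread or any poster's code: one way to script the two points made above, importing every certificate of the saved chain and repeating the import for whichever JVM keystore ColdFusion actually uses. The bundle file name, alias prefix and keystore path are assumptions; `changeit` is the default keystore password mentioned in the thread.

```shell
#!/usr/bin/env bash
# Added example: import each certificate of a saved chain into one JVM trust store.
# File names, alias prefix and keystore path are assumptions, not from the thread.

KEYTOOL="${KEYTOOL:-keytool}"       # use the keytool of the JVM ColdFusion runs on
STOREPASS="${STOREPASS:-changeit}"  # default Java keystore password

# Split a PEM bundle (all chain certificates saved into one file) into
# <outdir>/cert-1.pem, cert-2.pem, ... and print how many were found.
# Text outside the BEGIN/END markers is ignored.
split_chain() {
  local bundle="$1" outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside                        { print > out }
    /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                           { print n + 0 }
  ' "$bundle"
}

# Import every split certificate under its own alias and print how many were
# added. An alias already in the keystore is skipped, so the script can be
# re-run (for example against the keystore of a newly installed JVM).
import_chain() {
  local dir="$1" keystore="$2" prefix="$3" f alias imported=0
  for f in "$dir"/cert-*.pem; do
    [ -e "$f" ] || continue
    alias="${prefix}-$(basename "$f" .pem)"
    if "$KEYTOOL" -list -keystore "$keystore" -storepass "$STOREPASS" \
         -alias "$alias" >/dev/null 2>&1; then
      continue
    fi
    "$KEYTOOL" -importcert -noprompt -trustcacerts -alias "$alias" \
      -file "$f" -keystore "$keystore" -storepass "$STOREPASS" >/dev/null || return 1
    imported=$((imported + 1))
  done
  echo "$imported"
}

# Usage: ./import-chain.sh chain.pem /path/to/jre/lib/security/cacerts api-partner
if [ "$#" -eq 3 ]; then
  work="$(mktemp -d)"
  split_chain "$1" "$work" >/dev/null
  import_chain "$work" "$2" "$3"
  rm -rf "$work"
fi
```

Restart ColdFusion after the import, and run it again against the new keystore whenever the JVM is switched.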
RE: CFHTTP Connection Failure on SSL
Ok thank you. My next step is to try to update the JVM and see what that does. Makes no sense why it works for a little bit after a reboot then starts Connection Failure again.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347262
Re: CFHTTP Connection Failure on SSL
> Ok thank you. My next step is to try to update the JVM and see what that does. Makes no sense why it works for a little bit after a reboot then starts Connection Failure again.

Perhaps there's a problem in addition to the certificate problem. You may have solved one problem, just to encounter another. There are all kinds of things that might cause connection failure messages generally - Googling CFHTTP connection failure will give you some ideas.

Dave Watts, CTO, Fig Leaf Software

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347263