RE: CFHTTP & SSL Cert

2014-04-17 Thread Brook Davies

It continues to work fine in the browser. It's pretty weird how it will work
for a day and then start generating this error:

AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret
 faultActor: 
 faultNode: 
 faultDetail: 
 {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1204)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
 at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
 at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender ''


Note, this is the error from a webservice call; using CFHTTP generates the
I/O Exception: peer not authenticated.

Restarting the CFService resolves the problem temporarily. I deleted and
re-added the CERT to the cacerts store yesterday with no change...

Just weird right?

Brook

-Original Message-
From: John M Bliss [mailto:bliss.j...@gmail.com] 
Sent: April-16-14 11:02 AM
To: cf-talk
Subject: Re: CFHTTP & SSL Cert


When cfhttp is broken, can you drop the URL into your browser and have it
work? Or is it broken there too?


On Wed, Apr 16, 2014 at 12:27 PM, Brook Davies  wrote:

>
> Hey Peeps,
>
> After Heartbleed, I had to re-add the EchoSign Cert to our keystore
> (via the keytool) on all our servers. It worked as expected, and the
> connection started working again. However, on one of our webservers, it
> works, and then later that day stops being able to connect and I get
> "I/O Exception: peer not authenticated" when I try to CFHTTP to the
> HTTPS address. If I restart the server, it works again, and then stops
> working again later in the day.
>
> What the heck could cause that? My other webservers work without an issue.
> But this one seems to keep failing. The cert IS in the keystore...
>
> Any ideas?
>
> Brook
>



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358343
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Re: CFHTTP & SSL Cert

2014-04-16 Thread John M Bliss

When cfhttp is broken, can you drop the URL into your browser and have it
work? Or is it broken there too?


On Wed, Apr 16, 2014 at 12:27 PM, Brook Davies  wrote:

>
> Hey Peeps,
>
> After Heartbleed, I had to re-add the EchoSign Cert to our keystore
> (via the keytool) on all our servers. It worked as expected, and the
> connection started working again. However, on one of our webservers, it
> works, and then later that day stops being able to connect and I get
> "I/O Exception: peer not authenticated" when I try to CFHTTP to the
> HTTPS address. If I restart the server, it works again, and then stops
> working again later in the day.
>
> What the heck could cause that? My other webservers work without an issue.
> But this one seems to keep failing. The cert IS in the keystore...
>
> Any ideas?
>
> Brook
>

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358342


CFHTTP & SSL Cert

2014-04-16 Thread Brook Davies

Hey Peeps,

After Heartbleed, I had to re-add the EchoSign Cert to our keystore (via the
keytool) on all our servers. It worked as expected, and the connection
started working again. However, on one of our webservers, it works, and then
later that day stops being able to connect and I get "I/O Exception: peer
not authenticated" when I try to CFHTTP to the HTTPS address. If I restart
the server, it works again, and then stops working again later in the day. 

What the heck could cause that? My other webservers work without an issue.
But this one seems to keep failing. The cert IS in the keystore...

Any ideas?

Brook 





Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358341