Re: GeoTrust SSL importing cert to server store doesn't help
Interestingly I tried all possible imports I could find. I havent been able to come back to this issue, and in the 10 days I left it something has changed, because now all my servers are able to connect. Bizzare, I will call SecurePay next week to find out what the deal is, and if they can answer why this now works, but I dont hold out any hope of finding out why it works. Thanks for your help! Dunc On Tue, Apr 12, 2011 at 6:15 PM, James Holmes james.hol...@gmail.comwrote: Just the two CAs from Geotrust will be fine. The intermediate cert was issued in 2010, so it's very likely that it's not in your CA store. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 16:08, Duncan duncan.lox...@gmail.com wrote: Hi James - Thanks for the quick response! Yes. Is that a yes because its a new fancy certificate, or I need all the certs? When I look at the hierarchy, there are 3 each with different serials. Do I need just the two geotrust ones, or the securepay one too? On Tue, Apr 12, 2011 at 6:01 PM, James Holmes james.hol...@gmail.com wrote: Yes. Vist the URL for the test site in your browser and view the cert details. Go to the certification path and you'll see it's a chained cert with two CAs in the path. You need to export both of them from your browser and then bring both into the CA keystore with keytool. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 15:55, Duncan duncan.lox...@gmail.com wrote: Could this be some new type of SSL certificate and I actually need the root CA cert? If so, how do I go about finding this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343897 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
GeoTrust SSL importing cert to server store doesn't help
Hi Everyone, Securepay.com.au issued a new SSL certificate on their test environment 7/4/2011 and it has had an effect on our code when running in test mode. I have isolated it to be related to the I/O Exception: peer not authenticated issue as detailed by Rob Gonda and Steven Erat - http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool - http://coldfusion-archive.robgonda.com/blog/index.cfm/2007/10/29/ErrorDetail-IO-Exception-peer-not-authenticated/ However, I have followed these posts and imported the test.securepay.com.aucertificate and still ColdFusion 8 (Enterprise) doesn't like the URL. My Key store implies I have GeoTrust items in it, and it worked before the SSL change, so I am now a bit lost. I have put together a test script below, it is located at http://www.red5.com.au/gatewaytest.cfm so you can see the behaviour. I put in the Eway URL too, just as a sanity check. I would really appreciate some one running this on their own CF8 environment to see if the issue exists there, and if so, does importing the certificate resolve the issue for you? Could this be some new type of SSL certificate and I actually need the root CA cert? If so, how do I go about finding this? Thanks! [code] cfsavecontent variable=XmlRequest ?xml version=1.0 encoding=UTF-8 ? SecurePayMessage MessageInfo messageID/messageID messageTimestamp#DateFormat( now(), mmdd)##TimeFormat(now(), HHmmssL000+600)#/messageTimestamp timeoutValue60/timeoutValue apiVersionxml-4.2/apiVersion /MessageInfo /SecurePayMessage /cfsavecontent cfhttp method=post url=https://www.securepay.com.au/xmlapi/payment; timeout=80 result=XmlResponse cfhttpparam type=xml value=#XmlRequest#/ /cfhttp cfdump var=#XmlResponse# label= https://www.securepay.com.au/xmlapi/payment; cfhttp method=post url=https://test.securepay.com.au/xmlapi/payment; timeout=80 result=XmlResponse cfhttpparam type=xml value=#XmlRequest#/ /cfhttp cfdump var=#XmlResponse# label= https://test.securepay.com.au/xmlapi/payment; cfhttp method=post url=https://www.eway.com.au/gateway/xmlpayment.asp; timeout=80 result=XmlResponse cfhttpparam type=xml value=#XmlRequest#/ /cfhttp cfdump var=#XmlResponse# label= https://www.eway.com.au/gateway/xmlpayment.asp; [/code] -- Duncan I Loxton duncan.lox...@gmail.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343668 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: GeoTrust SSL importing cert to server store doesn't help
Yes. Vist the URL for the test site in your browser and view the cert details. Go to the certification path and you'll see it's a chained cert with two CAs in the path. You need to export both of them from your browser and then bring both into the CA keystore with keytool. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 15:55, Duncan duncan.lox...@gmail.com wrote: Could this be some new type of SSL certificate and I actually need the root CA cert? If so, how do I go about finding this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343669 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: GeoTrust SSL importing cert to server store doesn't help
Hi James - Thanks for the quick response! Yes. Is that a yes because its a new fancy certificate, or I need all the certs? When I look at the hierarchy, there are 3 each with different serials. Do I need just the two geotrust ones, or the securepay one too? On Tue, Apr 12, 2011 at 6:01 PM, James Holmes james.hol...@gmail.comwrote: Yes. Vist the URL for the test site in your browser and view the cert details. Go to the certification path and you'll see it's a chained cert with two CAs in the path. You need to export both of them from your browser and then bring both into the CA keystore with keytool. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 15:55, Duncan duncan.lox...@gmail.com wrote: Could this be some new type of SSL certificate and I actually need the root CA cert? If so, how do I go about finding this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343670 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: GeoTrust SSL importing cert to server store doesn't help
Just the two CAs from Geotrust will be fine. The intermediate cert was issued in 2010, so it's very likely that it's not in your CA store. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 16:08, Duncan duncan.lox...@gmail.com wrote: Hi James - Thanks for the quick response! Yes. Is that a yes because its a new fancy certificate, or I need all the certs? When I look at the hierarchy, there are 3 each with different serials. Do I need just the two geotrust ones, or the securepay one too? On Tue, Apr 12, 2011 at 6:01 PM, James Holmes james.hol...@gmail.comwrote: Yes. Vist the URL for the test site in your browser and view the cert details. Go to the certification path and you'll see it's a chained cert with two CAs in the path. You need to export both of them from your browser and then bring both into the CA keystore with keytool. -- WSS4CF - WS-Security framework for CF http://wss4cf.riaforge.org/ On 12 April 2011 15:55, Duncan duncan.lox...@gmail.com wrote: Could this be some new type of SSL certificate and I actually need the root CA cert? If so, how do I go about finding this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343671 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm