Ok. I finally figured out how to create my own security certificate on my Windows 2003 server, using Certificate Services. I can access my server using https:// right now -- the browser gives me an error because it's not a trusted cert, of course, but https:// does work if I ignore the "not trusted" message...
So, I'm trying to secure a ColdFusion 8 data-channel on my intranet. I've edited the services-config.xml file to give me a cf-amf-secure channel, and I'm directing one of my remote objects to my new "SecureColdFusion" destination... Obviously the CF part appears to be working -- because it IS attempting to access https://localhost/flex2gateway/cfamfsecure. But every time it does, I get a cross-domain policy error. If I run the program in Debug mode, I actually get a "failed to load https://localhost/crossdomain.xml"; error message immediately before I get the general "security sandbox" error. What I think is happening is that Flex is trying to load the crossdomain.xml file through https:// not http:// and the untrusted security certificate is preventing the crossdomain.xml file from being loaded. I did add a 'Security.loadPolicyFile("http://localhost/crossdomain.xml";);' command to my program, and that didn't change anything. It still gives me the "failed to load" error. Did I mention I hate security issues? Anyway -- I think the trick is to somehow make Flex trust my self-created cert. If I can do that, then it should be able to load crossdomain.xml from the https. Can anyone help me get Flex to trust my self-created certificate? Thanks, Laurence MacNeill Mableton, Georgia, USA
