Im not familiar enough with webservices to understand this issue so Im hoping someone else can give me a hand. Im trying to consume a webservice that is available via an https URL and we are experiencing issues just getting connected to the wsdl. When I try to telnet server to server I get a Connect Failed error. So I had our SA open the firewall to our IP, but am still getting the same message. Is there anything else I need to do on our server in order to make this connection? Also, should I elect to have the SSL turned off while I am testing in our development environment? Does it make that much difference in what I can see during testing? I'd prefer to just leave it on since that is how it will operate in our production environment... Any advice is appreciated.
If you're getting actual connection issues then it doesn't matter whether it's SSL or not, it's simply a connectivity issue between the CF box and the remote service.
Sounds like a firewall or routing issue, but it's certainly not something you'll be able to fix in your code. Are you sure port 443 is open out from your firewall *and* in to theirs?
Keep beating your sysadmin until it works
No, this is probably a certificate verification issue. You'll probably have to install the remote server's certificate chain in your keystore.
Dave Watts, CTO, Fig Leaf Software
Here is the stack trace for the error above. I am unfamiliar with how to read most of this, but I don't see that there is a "HandShake" error of any kind. Anyone see anything that would say this doesn't relate to a network and/or certificate issue?
coldfusion.tagext.net.HttpTag$HttpConnectionFailureException: Connection Failure: Status code unavailable at coldfusion.tagext.net.HttpTag.connHelper(HttpTag.java:1004) at coldfusion.tagext.net.HttpTag.doEndTag(HttpTag.java:1062) at cftest62ecfm238689358.runPage(C:\Inetpub\wwwroot\test6.cfm:57) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:279 ) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.ja va:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:7 4) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePers istenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:8 9) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringS ervletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46 ) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java: 286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java: 543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.ja va:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPoo l.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.j ava:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool. java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Also, I am having trouble getting a copy of the certificate for the remote server from the SA. Is it a must to have the remote cert in our Keystore?
My money is still on it being a certificate issue. To install the certificate, just visit the remote URL in a browser, and use that to save the certificate locally. Then, add it to your certificate store as described at the link I gave in the last email.
Dave Watts, CTO, Fig Leaf Software
Sorry its taken so long to respond. Adding the certificate to the java key
store fixed my issues.
I used Mark Kruger's blog article for handling the specifics.
Thanks again for all the help.