Try performing a CFHTTP call against your SSL site URL using the same CF server that you have your scheduled tasks on and dump the result. If you get a connection failure / peer not authenticated result, then it sounds like the issue is with the new SSL cert not being imported correctly into the CF cert store. If you are still having issues with the import, try importing the new cert while using the same system login that CF uses (on Windows boxes).
This is the process that we use:
- Go to a page on the SSL server.
- Double-click the lock icon.
- Click the Details tab.
- Click Copy To File.
- Select the base64 option and save the file.
- Copy the CER file into ColdfusionDir\runtime\jre\lib\security
- Run the following command from the same directory (keytool.exe is located in ColdfusionDir\runtime\jre\bin): ..\..\bin\keytool.exe -import -keystore cacerts -alias UniqueName -file filename.cer
- You may be prompted for a password; check with your CF administrator for the correct cert change password (this is not the same as the CF admin password).
- Restart ColdFusion.
Hope that helps!
Thanks very much for the reply. I set up the CFHTTP call and get an error
msg that simply says "connection failure." However, I've run through the
steps to import the cert with one of the system admins here and it did not
solve the problem. Any other thoughts?
Have you dumped the entire CFHTTP scope after your CFHTTP call? Unlike the CFHTTP.filecontent variable, which just contains the result of the post, the CFHTTP scope object created after a side-post contains a bunch of other helpful information, including headers, result codes, etc. If you haven't already, try doing a dump right after your CFHTTP call:
you may get some more specifics about what might be causing the issue.
Yes I did that today:
Failure. Status code unavailable. Text YES
We think we've narrowed it down to the actual name of the certificate, and
there being a mismatch with the "common name" on the cert. (I'm a
developer, not a sys admin, so I'm a bit foggy on all that) He is
researching the problem tonight and plans to try and re-create the cert with
the same name as the original. I'll post an update tomorrow with any
I assume you're using a system account to connect (as opposed to user) and you've checked that the password didn't change.
yes - the login credentials were all fine. I should have posted a reply to
this issue, but honestly didn't have the technical expertise to explain it.
We found out the problem was with our SSL cert that had been created in
house - but that's really the best I can explain. We called in a tech
services company that we deal with on occasion and they jumped on our system
and fixed the problem. I really never got a full explanation on what they
Do you have any suggestions on how to find out the keystore password? The server was set up years ago. I just recently renewed the SSL cert and now the scheduled tasks aren't working. I've gone through many posts and this is the closest to what I'm experiencing. I just don't remember setting a keystore password. HELP!!!!
Yes that helped -
I am back in business!
Recently upgraded to CF9 and ran into this same issue again. I ran through the ssl cert import as described in one of the replies to this original post, and the command line messages said it was successful, but apparently it was not. I used the Certman Admin extension to import the cert and the problem was solved.
Wow, this thread takes me back...
I should also mention that on occasion you may have to import not just the new certificate, but all the certificates in the trust chain up to the root. As time goes on, especially for older server instances, the likelihood that certificate authorities in the chain have made changes that CF does not have in its keystore increases. We've encountered this issue a few times.
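
The import steps and the trust-chain advice above, combined into one PowerShell sketch that imports every certificate in an exported chain and reads each entry back from the keystore under the ColdFusion JRE. This is an added example, not part of the original thread; the install path, chain folder and alias prefix are assumptions to replace with your own.

```powershell
# Added example, not from the thread. $CfRoot, $ChainDir and $Prefix are
# hypothetical values; point them at your own install and exported chain.
$CfRoot   = 'C:\ColdFusion9'
$ChainDir = 'C:\certs\chain'   # base64 .cer files: site cert, intermediates, root
$Prefix   = 'mysite'
$Keytool  = Join-Path $CfRoot 'runtime\jre\bin\keytool.exe'
$Keystore = Join-Path $CfRoot 'runtime\jre\lib\security\cacerts'

if (-not ((Test-Path $Keytool) -and (Test-Path $Keystore))) {
    throw "keytool.exe or cacerts not found under $CfRoot"
}

# Keep a copy of the keystore so a bad import can be rolled back.
$stamp = Get-Date -Format 'yyyyMMddHHmmss'
Copy-Item -Path $Keystore -Destination "$Keystore.$stamp.bak"

foreach ($cer in Get-ChildItem -Path $ChainDir -Filter '*.cer') {
    $x509  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cer.FullName
    $alias = ('{0}-{1}' -f $Prefix, $cer.BaseName).ToLower()
    # Thumbprint is the SHA1 fingerprint; add colons to match keytool's format.
    $sha1  = $x509.Thumbprint -replace '(..)(?!$)', '$1:'

    if ($x509.NotAfter -lt (Get-Date)) {
        Write-Warning "$($cer.Name) expired on $($x509.NotAfter); skipping"
        continue
    }

    Write-Host "Importing $($x509.Subject) as alias '$alias'"
    # keytool prompts for the keystore password, so it never appears
    # on the command line or in the script.
    & $Keytool -import -trustcacerts -keystore $Keystore -alias $alias -file $cer.FullName
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Import failed for $($cer.Name)"
        continue
    }

    # Read the entry back from the same keystore file and compare by eye:
    # the SHA1 line keytool prints should equal the value shown here.
    Write-Host "Expected SHA1 fingerprint: $sha1"
    & $Keytool -list -v -keystore $Keystore -alias $alias
}

# Restart ColdFusion afterwards so the JVM reloads cacerts.
```

A fingerprint that matches in the listing confirms the certificate is in the keystore file at `$Keystore`, which is worth checking when keytool reports success but CFHTTP still fails.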