8 Replies Latest reply: Mar 24, 2011 8:09 AM by dujsu RSS

    HTTPS Webservices

    dujsu Community Member
    dujsu Jan 28, 2011 5:33 AM

      Im not familiar enough with webservices to understand this issue so Im hoping someone else can give me a hand. Im trying to consume a webservice that is available via an https URL and we are experiencing issues just getting connected to the wsdl. When I try to telnet server to server I get a Connect Failed error. So I had our SA open the firewall to our IP, but am still getting the same message. Is there anything else I need to do on our server in order to make this connection? Also, should I elect to have the SSL turned off while I am testing in our development environment? Does it make that much difference in what I can see during testing? I'd prefer to just leave it on since that is how it will operate in our production environment... Any advice is appreciated.

      • 962 Views
      • Tags:
        • 1. Re: HTTPS Webservices
          Owain North Community Member
          Owain North Jan 28, 2011 5:41 AM (in response to dujsu)

          If you're getting actual connection issues then it doesn't matter whether it's SSL or not, it's simply a connectivity issue between the CF box and the remote service.

           

          Sounds like a firewall or routing issue, but it's certainly not something you'll be able to fix in your code. Are you sure port 443 is open out from your firewall *and* in to theirs?

           

          Keep beating your sysadmin until it works

          • 2. Re: HTTPS Webservices
            dujsu Community Member
            dujsu Jan 28, 2011 5:48 AM (in response to Owain North)

            Haha..okay, thats what I needed to hear, thank you for verifying my sanity. I will keep on him. Thanks!

            • 3. Re: HTTPS Webservices
              Dave Watts CommunityMVP
              Dave Watts Jan 28, 2011 7:18 AM (in response to dujsu)

              I'm not sure telnet will be a useful way to test connectivity for ports that require encrypted connections. I'd recommend that you just try using a browser (wget if you can only browse via a command line).

               

              Dave Watts, CTO, Fig Leaf Software

              http://www.figleaf.com/

              http://training.figleaf.com/

              • 4. Re: HTTPS Webservices
                dujsu Community Member
                dujsu Jan 28, 2011 9:40 AM (in response to Owain North)

                result.png

                So, now the firewall changes have been made and now getting a different error. Seems like this is still a network issue.. Thoughts?

                • 5. Re: HTTPS Webservices
                  Dave Watts CommunityMVP
                  Dave Watts Jan 28, 2011 10:59 AM (in response to dujsu)

                  No, this is probably a certificate verification issue. You'll probably have to install the remote server's certificate chain in your keystore.

                   

                  http://www.google.com/search?q=coldfusion+java+keystore

                   

                  Dave Watts, CTO, Fig Leaf Software

                  http://www.figleaf.com/

                  http://training.figleaf.com/

                  • 6. Re: HTTPS Webservices
                    dujsu Community Member
                    dujsu Jan 31, 2011 6:51 AM (in response to Dave Watts)

                    Here is the stack trace for the error above. I am unfamiliar with how to read most of this, but I don't see that there is a "HandShake" error of any kind. Anyone see anything that would say this doesn't relate to a network and/or certificate issue?

                     

                    coldfusion.tagext.net.HttpTag$HttpConnectionFailureException: Connection Failure: Status code unavailable at coldfusion.tagext.net.HttpTag.connHelper(HttpTag.java:1004) at coldfusion.tagext.net.HttpTag.doEndTag(HttpTag.java:1062) at cftest62ecfm238689358.runPage(C:\Inetpub\wwwroot\test6.cfm:57) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:279) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

                     

                    Also, I am having trouble getting a copy of the certificate for the remote server from the SA. Is it a must to have the remote cert in our Keystore?

                    • 7. Re: HTTPS Webservices
                      Dave Watts CommunityMVP
                      Dave Watts Jan 31, 2011 9:13 AM (in response to dujsu)

                      My money is still on it being a certificate issue. To install the certificate, just visit the remote URL in a browser, and use that to save the certificate locally. Then, add it to your certificate store as described at the link I gave in the last email.

                       

                      Dave Watts, CTO, Fig Leaf Software

                      http://www.figleaf.com/

                      http://training.figleaf.com/

                      • 8. Re: HTTPS Webservices
                        dujsu Community Member
                        dujsu Mar 24, 2011 8:09 AM (in response to Dave Watts)

                        Sorry its taken so long to respond. Adding the certificate to the java key

                        store fixed my issues.

                         

                        I used Mark Kruger's blog article for handling the specifics.

                         

                        http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=8E44925A-B73D-E3AD-709D4E02FD6D45 88

                         

                        Thanks again for all the help.