Hello,
I have some code that can be used to check if a URL exists where arguments.u is a full URL (http://www.google.com/ for example) - from this I can determine if a URL exists or not as part of a broken link checker for our content.
<cfhttp method="head" url="#arguments.u#" resolveurl="no" throwonerror="no" />
But, in some cases, that arguments.u will be an https URL, like https://www.keeleklikk.ee/ - which is a valid URL and I can access it no problem.
But this gives me the following response from the cfhttp:
| struct | |
|---|---|
| Charset | [empty string] |
| ErrorDetail | I/O Exception: peer not authenticated |
| Filecontent | Connection Failure |
| Header | [empty string] |
| Mimetype | Unable to determine MIME type of file. |
| Responseheader | |
| Statuscode | Connection Failure. Status code unavailable. |
| Text | YES |
How can I modify my cfhttp call so that it properly checks https URLs as well as regular http ones?
Thanks,
Phil.
"I/O Exception: peer not authenticated" usually means you are having an SSL certificate failure. This can be that the URL domain name does not match the certificate or the certificate root and/or intermediaries are not in your local certificate store. So far I have not found a way to tell CF to ignore certificate issues and just connect using it, so writing an app to scan random or dynamic URLs will be very difficult as it will mean a lot of manual certificate importing. You can google "coldfusion SSL import certificate" or "coldfusion SSL problems cfhttp" and find several threads and posts on this topic.
I've run into this and the scenario is as Steve explained. Short of shelling out to curl, which has an option to ignore certificate errors, I never found a good CF solution. There used to be a custom tag CFHTTP5 that had a lot of great options - when I googled for it to answer your post I found this posting from Ray C that shows a possible CF work-around for the problem: http://www.raymondcamden.com/index.cfm/2011/1/12/Diagnosing-a-CFHTTP-issue--peer-not-authenticated
-reed
@Steve Sommers:
The code will be dynamic based on the URLs that are stored in the content - which we won't know until the content has been entered, and even then the content will change every week so any method that involves manually importing certificates will not be possible - it's meant to be an automatic thing, so I think that from this and the other Google searches I've done, it's not possible in CF.
@REEDPOWELL:
I will look into the curl method, if this is able to do what I need and I can trigger it and get a response within CF then it looks (so far) like the only solution. I had already found that post by Ray Camden, but it gave the same dump with the I/O Exception, so it didn't work for me.
As Steve and Reed have pointed out, it is indeed a well-known problem. Two examples reported in this forum:
http://forums.adobe.com/thread/1203444
http://forums.adobe.com/message/4246821#4246821
Generally, to use SSL in ColdFusion, you first have to import the certificate into the key store of ColdFusion's JRE. You may do so dynamically in 2 steps:
1) Test whether the site is SSL. If so, use cfexecute to run OpenSSL to download the certificate to a location on your server;
2) Use the Keytool utility to import the file from 1) into the keystore {JRE_DIR}/lib/security/cacerts of your ColdFusion installation.
However, not having tested this, I wonder whether it is possible to update the settings like this without restarting the server.
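The two steps described in the post above, as an added example that is not part of the original thread or anyone's posted code: a shell script that cfexecute could call with one URL. The function names, the KEYSTORE and STOREPASS environment variables and the script name are assumptions; openssl and keytool are expected on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): step 1 = download the certificate with
# openssl, step 2 = import it with keytool. KEYSTORE and STOREPASS are
# assumptions supplied by the caller; the thread names {JRE_DIR}/lib/security/cacerts.

# Reduce a URL to host:port, defaulting to 443 (IPv6 literals are not handled).
url_host_port() {
  hp=${1#*://}     # drop the scheme
  hp=${hp%%/*}     # drop the path
  hp=${hp##*@}     # drop any userinfo
  case $hp in *:*) ;; *) hp="$hp:443" ;; esac
  printf '%s\n' "$hp"
}

# Keep only the first PEM block (the server's own certificate) from stdin.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ {p=1}
       p {print}
       p && /-----END CERTIFICATE-----/ {exit}'
}

# Step 1: save the certificate the server presents; fails if none was captured.
fetch_cert() {   # fetch_cert URL OUTFILE
  target=$(url_host_port "$1")
  openssl s_client -connect "$target" -servername "${target%:*}" \
    </dev/null 2>/dev/null | first_pem_cert >"$2"
  [ -s "$2" ]
}

# Step 2: print the SHA-256 fingerprint for review, then import the file.
import_cert() {  # import_cert CERTFILE ALIAS
  openssl x509 -in "$1" -noout -fingerprint -sha256 || return 1
  keytool -importcert -noprompt -alias "$2" -file "$1" \
    -keystore "${KEYSTORE:?set KEYSTORE}" -storepass "${STOREPASS:?set STOREPASS}"
}

# Usage: KEYSTORE=... STOREPASS=... sh import_site_cert.sh https://host/
if [ "$#" -eq 1 ]; then
  case $1 in
    https://*) pem=$(mktemp) && fetch_cert "$1" "$pem" &&
               import_cert "$pem" "$(url_host_port "$1")" ;;
    *) echo "not an https URL, nothing to import" >&2 ;;
  esac
fi
```

Importing whatever certificate a host presents makes the JVM trust that certificate for later connections, so point KEYSTORE at a keystore used only by the link checker and compare the printed fingerprint against a value obtained another way before relying on it.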