cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

CF8 Use of clientCert and cfhttp

edervaux
New Here ,
Feb 05, 2008 Feb 05, 2008

Copy link to clipboard

Copied

Dears,

In coldfusion 8, we are trying to implement a web service call in secured mode (use of ssl and client certificate).
we used therefore new elements clientCert and clientCertPassword into cfhttp command.
we received a Connection Failure as a result (coldfusion side).

At web server of producer side (Apache), we receive an error HTTP 400:
172.21.160.124 - - [04/Feb/2008:13:18:23 +0100] GET / 400 472 - - -

Any idea / hint would be welcome ;)

code page is attached
TOPICS
Advanced techniques

Views

2.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 3 Replies 3
latest latest Jump to latest reply
edervaux
New Here ,
Feb 06, 2008 Feb 06, 2008

Copy link to clipboard

Copied

Another important element:
the certificate .p12 is not a certificate trusted by a Certificate Authority like Verisign.
It is one that we generated at our side.
Is there maybe a specific configuration to do in this case in ColdFusion or in our machine (Windows 2003 Server)?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mjsale
New Here ,
Feb 18, 2008 Feb 18, 2008

Copy link to clipboard

Copied

Hi

I am actually running into the same issue her eon my end with a p12 cert.. Have you found anything else? I get the same connection error as well. Here's my code.. I tried both sending garble to the service and actual soap messages.

<CFSAVECONTENT variable="myXML">
hello
</CFSAVECONTENT>


<CFHTTP
method="post"
url="https://198.136.211.18/axis/services/TPGSecureLink"
port="8448"
clientCert = "c:\inetpub\wwwroot\adirondack3.p12"
clientCertPassword = "xxxxx"
result="getout">

<CFHTTPPARAM type="header" name="SOAPAction" value="">
<CFHTTPPARAM type="xml" value="#myXML#">
</CFHTTP>

<CFDUMP var="#getout#">

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
edervaux
New Here ,
Feb 19, 2008 Feb 19, 2008

Copy link to clipboard

Copied

LATEST
In Response To mjsale
Hi,

yes we went further. But this is not so easy.

Explanation:

Before an SSL connection can be established with CFHTTP to a server the certificate of that server needs to be imported as a trusted certificate in the ColdFusion truststore with the keytool command. The command to do so is:
keytool -import -trustcacerts -keystore cacerts -storepass <password> -noprompt -alias <alias> -file <certfile>
If you use another CA certificate authority, then you also have to import the CA into the ColdFusion truststore.

Before a client certificate can be used it needs to be in a specific format, pkcs. Of course this client certificate must contain the private key.
You also have to import the client certificate into the Windows Certificate Store (if you run under a windows desktop/server).
In your ColdFusion cfhttp tag, use this .pkcs certificate file.

Tell me if it works like this 🙂

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices