Yes, I thought I followed it to a tee. However it still is not working. I tried to run "keytool -list -keystore cacerts -alias ldapserver-cert -storepass changeit -v" to check the cert but it just came back with a list of all the functions.
Any idea? Thanks
Depending on where you've installed CF, you may need to change these paths:
Open a command prompt and cd to “C:\CFusionMX7\runtime\jre\bin”
From here you can feed the command prompt the following command (on one line):
keytool -list -storepass changeit -noprompt -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts
C:\CFusionMX7\runtime\jre\bin>keytool -list -storepass changeit -noprompt -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts
This should list out all the current certs.
This blog post has more info as well - http://www.coldfusionmuse.com/index.cfm/2005/01/29/keystore
Also, you didn't say what error message, if any, you were receiving when making the LDAP call. If it's 'connection failure' then it's almost a guarantee that the issue is with the cert not being imported or configured properly.
Here is the error message:
Connection to LDAP Server failed
I just ran the list function and I do not see the certificate anywhere. In addition, I just ran another one which was Starfield.cer (godaddy) and I do not see it in there either. I made sure to restart CF after each time.
We also have a version of CF5 running and I understand that it is a bit easier to configure. Can you tell me where I could find the certificate_db? I am trying this: secure="CFSSL_BASIC, C:\cfusion\ldap\certificate_db"
However I get the following error:
Invalid security information for security type "CFSSL_BASIC" was provided within the SECURITY attribute. Please refer to the documentation for the correct format of this multi-field string value. Error: The path component, "C:\cfusion\ldap\certificate_db", specifies a file that does not exist.
Thanks for all your help!!
I think there may be an issue with how I name the alias. Would I name the alias ldap.domain.edu if that is the server I was querying (server = "ldap.domain.edu")?
Well, believe it or not, I figured it out. It was only after reading this post (http://www.numtopia.com/terry/blog/archives/2006/07/importing_ssl_certificates_with_keytool_finally.cfm) that I started thinking that I remember I would import certificates and then run a list to make sure that they were in there. I could never find them and the total amount would always stay at 106.
I then entered the following (replace "whateverthecertis"): keytool -import -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts -file whateverthecertis.cer -alias whateverthecertis
All of the documentation examples I read (which was quite a bit) always had "-keystore cacerts" which places it in the same directory as the keytool (C:\CFusionMX7\runtime\jre\bin). Therefore the CF server never sees it.
I hope this helps someone as it would have saved me a week.
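The failure described in the last post, as an added example that is not part of the original thread: a small Python check that works out which keystore file a keytool command line will actually touch and compares it with the `lib\security\cacerts` file under the JRE. The function names and the `C:\Users\admin` home directory are assumptions made for illustration; the other paths and commands are the ones quoted in the thread.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows host
import shlex

JRE_HOME = r"C:\CFusionMX7\runtime\jre"   # path from the thread
BIN_DIR = JRE_HOME + r"\bin"              # directory keytool was run from
USER_HOME = r"C:\Users\admin"             # assumed, for illustration only


def target_keystore(command, cwd, user_home):
    """Return the absolute path of the keystore a keytool command will use."""
    args = shlex.split(command, posix=False)  # posix=False keeps backslashes
    if "-keystore" in args:
        pos = args.index("-keystore") + 1
        if pos >= len(args):
            raise ValueError("-keystore given without a value")
        value = args[pos].strip('"')
        # A relative value is resolved against the current directory,
        # not against the JRE's lib\security directory.
        return ntpath.normpath(ntpath.join(cwd, value))
    # With no -keystore option, keytool uses .keystore in the user's home.
    return ntpath.join(user_home, ".keystore")


def check_import(command, cwd, jre_home, user_home):
    """Return (ok, actual, expected) for a keytool command line."""
    expected = ntpath.join(jre_home, "lib", "security", "cacerts")
    actual = target_keystore(command, cwd, user_home)
    # Windows paths are case-insensitive, so compare in normalized case.
    ok = ntpath.normcase(actual) == ntpath.normcase(expected)
    return ok, actual, expected


if __name__ == "__main__":
    commands = [
        # Pattern from the documentation examples: relative keystore name.
        "keytool -import -keystore cacerts -file whateverthecertis.cer "
        "-alias whateverthecertis",
        # Working command from the thread: absolute keystore path.
        "keytool -import -keystore "
        r"C:\CFusionMX7\runtime\jre\lib\security\cacerts "
        "-file whateverthecertis.cer -alias whateverthecertis",
    ]
    for cmd in commands:
        ok, actual, expected = check_import(cmd, BIN_DIR, JRE_HOME, USER_HOME)
        print("OK      " if ok else "MISMATCH", actual)
```

A MISMATCH result means the certificate lands in a keystore the ColdFusion JRE never reads, which matches the symptom of the entry count staying at 106 after each import.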